Versions of html-janitor
prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS).
This is exploitable if user-controlled data is passed into the modules clean()
function.
No fix is currently available for this vulnerability. It is recommended to use an alternative module for HTML sanitization.
CPE | Name | Operator | Version |
---|---|---|---|
html-janitor | ge | 0.0.0 |