0.003 Low
EPSS
Percentile
71.7%
The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
docs.google.com/document/d/11SoX296sMS0XoQiQbpxc5pNxSdbJKDJkm5BDv0zrX50
github.com/microcosm-cc/bluemonday
github.com/microcosm-cc/bluemonday/commit/c788a2a4d42e081ad54a31368478820bb4a42fb4
nvd.nist.gov/vuln/detail/CVE-2021-42576
pkg.go.dev/vuln/GO-2022-0588