The bluemonday sanitizer before 1.0.16 for Go, and before 0.0.8 for Python (in pybluemonday), does not properly enforce policies associated with the SELECT, STYLE, and OPTION elements.
CPE | Name | Operator | Version |
---|---|---|---|
bluemonday | lt | 1.0.16 | |
pybluemonday | lt | 0.0.8 |