2 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-125128
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - 'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting XSS. The function 'naughtyHref' doesn't properly validate the hyperreference href...
CVE-2014-125128
CVE-2014-125128 affects the sanitize-html library prior to 1.0.3. The root cause is the naughtyHref function not properly validating the href attribute in tags, allowing bypasses that rely on different casings, whitespace, or hexadecimal encodings. This leads to cross-site scripting (XSS) impact...