4 matches found
Cross-Site Scripting (XSS)
@jitbit/htmlsanitizer is vulnerable to cross-site scripting. The vulnerability is due to improper sanitization: when the package is used with a contentEditable element, the code beautifier runs after sanitization, which allows an attacker to inject and execute malicious scripts in a victim’s browser...
CVE-2025-29771
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package. If the code is specifically crafted to abuse the...
GHSA-VHV4-FH94-JM5X JS Html Sanitizer allows XSS when used with contentEditable
Impact: XSS vulnerability when the sanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package, if the code is specifically crafted to abuse the code beautifier, which runs AFTER sanitization. Patches: Patched in version 2.0.3...
MAL-2025-908 Malicious code in code-beautifyer (PyPI)
Source: kam193 1aa07cb2a8c34d8fc5a6728b0985541456937811451149748ae9acdef4892e7c During installation, the package collects quite extensive information about the host and has no other purpose. To avoid detection, the real code is put in a ZI...