
5 matches found

OSV, added 2023/07/06 4:15 p.m., 1 view

DEBIAN-CVE-2023-36823

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...

CVSS 6.1, AI score 6.4, EPSS 0.00419
Exploits: 0, References: 1

OSV, added 2023/07/06 4:15 p.m., 0 views

UBUNTU-CVE-2023-36823

Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a...

CVSS 7.1, AI score 5.8, EPSS 0.00419
Exploits: 0, References: 7

RubySec, added 2023/07/06 12:00 a.m., 15 views

Sanitize vulnerable to Cross-site Scripting via insufficient neutralization of `style` element content

Impact Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize = 3.0.0, = 6.0.2 performs additional escaping of CSS in style element content, which fixes this issue. Workarounds Users who are unable to upgrade can prevent this issue by using a...

CVSS 7.1, AI score 6, EPSS 0.00419
Exploits: 0, References: 1, Affected Software: 1

Veracode, added 2022/06/28 9:48 a.m., 17 views

Denial Of Service (DoS)

lettersanitizer is vulnerable to denial of service. The vulnerability exists in the sanitizeHtml function in index.js, which does not properly handle CSS at-rules, allowing an attacker to crash the system via a malicious request...

CVSS 7.5, AI score 7, EPSS 0.00431
Exploits: 0, References: 4, Affected Software: 1

Vulnrichment, added 2022/06/27 10:20 p.m., 4 views

CVE-2022-31103 Improper handling of CSS at-rules in lettersanitizer

lettersanitizer is a DOM-based HTML email sanitizer for in-browser email rendering. All versions of lettersanitizer below 1.0.2 are affected by a denial of service issue when processing a CSS at-rule @keyframes. This package is depended on by react-letter, therefore everyone using react-letter is...

CVSS 7.5, AI score 7.4, EPSS 0.00431
Exploits: 0, References: 3