4 matches found
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +3093 more potentially affected by CVE-2016-1000237 via sanitize-html (>=0.1.4 <=1.4.2)
sanitize-html NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =0.1.0, =0.1.0, =11.1.0, =1.0.0, =1.0.1, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.4 and more Source cves: CVE-2016-1000237 Source advisory: OSV:GHSA-3J7M-HMH3-9JMP...
CVE-2016-1000237
sanitize-html before 1.4.3 has XSS...
CVE-2016-1000237
CVE-2016-1000237 affects sanitize-html prior to 1.4.3, where input is not sanitized recursively which may allow XSS. Documented in multiple sources (Node.js advisory GHSA-3J7M-HMH3-9JMP, Red Hat, Debian, NVD/NVD list). Impact is cross-site scripting via vulnerable sanitize-html versions; exploita...
CVE-2016-1000237
sanitize-html before 1.4.3 has XSS...