3 matches found
scribe-plugin-sanitizer (>=0.1.4 <=0.1.9) potentially affected by CVE-2017-0931 via html-janitor (>=0.2.0 <=1.1.0)
html-janitor NPM version =0.2.0, =0.1.4, =0.1.9 Source cves: CVE-2017-0931 Source advisory: OSV:GHSA-HFJ4-96F7-6R5G...
CVE-2017-0931
html-janitor node module suffers from a Cross-Site Scripting XSS vulnerability via clean accepting user-controlled values...
CVE-2017-0931
CVE-2017-0931 is tied to the html-janitor Node.js module and describes an XSS vulnerability when user-controlled data is passed to the clean() function. Affected versions are those prior to 2.0.2. The root cause involves unsafe DOM handling in a sandbox that allows arbitrary JavaScript execution,...