3 matches found
CVE-2017-16016
Sanitize-html is a library for scrubbing HTML input of malicious values. Versions 1.11.1 and below are vulnerable to cross-site scripting (XSS) in certain scenarios: if at least one of the nonTextTags is allowed, the result is a potential XSS vulnerability...
CVE-2017-16016
CVE-2017-16016 affects the sanitize-html library. Versions ≤ 1.11.1 are vulnerable to cross-site scripting when allowedTags contains at least one nonTextTag. Root cause is improper sanitization in scenarios using nonTextTags, leading to potential XSS. Impact is mitigated by upgrading to 1.11.4 or...
CVE-2017-16016
Sanitize-html is a library for scrubbing HTML input of malicious values. Versions 1.11.1 and below are vulnerable to cross-site scripting (XSS) in certain scenarios: if at least one of the nonTextTags is allowed, the result is a potential XSS vulnerability...