4 matches found
08cms (=1.0.0), 10secondsofcode-custom (=1.0.0) +3091 more potentially affected by CVE-2017-16017 via sanitize-html (>=0.1.4 <=1.27.5)
sanitize-html NPM version =0.1.4, =1.0.0, =1.0.0, =1.0.0, =0.6.0, =0.1.0, =0.1.0, =11.1.0, =1.0.0, =1.0.1, =0.2.0, =0.1.0, =0.19.1-rc.2, =0.19.1-rc.4 and more. Source CVEs: CVE-2017-16017. Source advisory: OSV:GHSA-WG96-3933-J2W5...
CVE-2017-16017
sanitize-html is a library for scrubbing HTML input for malicious values. Versions 1.2.2 and below have a cross-site scripting vulnerability...
CVE-2017-16017
The CVE-2017-16017 entry concerns the sanitize-html library, in which versions 1.2.2 and earlier are vulnerable to cross-site scripting (XSS). The root cause is inadequate sanitization that allows attacker-controlled HTML/input to induce XSS, as documented in multiple sources (e.g., OSV GHSA entry and n...
CVE-2017-16017
sanitize-html is a library for scrubbing HTML input for malicious values. Versions 1.2.2 and below have a cross-site scripting vulnerability...