13 matches found
EUVD-2021-1183
Malware in sbrugna...
Improper Input Validation
Overview sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts with...
GHSA-MJXR-4V3X-Q3M4 Improper Input Validation in sanitize-html
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
Privilege Escalation
sanitize-html is vulnerable to privilege escalation. An attacker is able to bypass hostname whitelist for iframe element when the "allowIframeRelativeUrls" is set to true due to the hostnames set by the "allowedIframeHostnames" not properly validated...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
CVE-2021-26540
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
Design/Logic Flaw
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...
Design/Logic Flaw
Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts...
CVE-2021-26539
CVE-2021-26539 affects Apostrophe Technologies sanitize-html prior to version 2.3.1. The vulnerability arises from improper handling of internationalized domain names (IDN), which can allow an attacker to bypass the hostname whitelist validated by the allowedIframeHostnames option. Impact is bypa...
CVE-2021-26539
Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name IDN which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option...
Abea Apostrophe Technologies sanitize-html security vulnerability
Abea Apostrophe Technologies sanitize-html is a formatting removal tool organized by Abea USA. It provides simple HTML tag removal with a clear API. A security vulnerability exists in Apostrophe Technologies sanitize-html versions prior to 2.3.1, which stems from the inability to properly handle...
PT-2021-17026
Name of the Vulnerable Software and Affected Versions sanitize-html versions prior to 2.3.1 Description The issue arises from improper handling of internationalized domain names IDN, which could allow an attacker to bypass hostname whitelist validation set by the allowedIframeHostnames option. Th...