23 matches found
EUVD-2018-0266
Malware in sbrugna...
EUVD-2018-0755
Malware in sbrugna...
GHSA-HFJ4-96F7-6R5G Cross-Site Scripting in html-janitor
Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...
scribe-plugin-sanitizer (>=0.1.4 <=0.1.9) potentially affected by CVE-2017-0931 via html-janitor (>=0.2.0 <=1.1.0)
html-janitor NPM version =0.2.0, =0.1.4, =0.1.9 Source cves: CVE-2017-0931 Source advisory: OSV:GHSA-HFJ4-96F7-6R5G...
Cross-Site Scripting in html-janitor
Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...
Bypassing Sanitization using DOM clobbering in html-janitor
All versions of html-janitor are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. Recommendation: Upgrade to version 2.0.4 or later...
GHSA-FX46-WHRJ-73V5 Bypassing Sanitization using DOM clobbering in html-janitor
All versions of html-janitor are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. Recommendation: Upgrade to version 2.0.4 or later...
Unspecified vulnerability in html-janitor
html-janitor is a module for controlling and cleaning up HTML. A security vulnerability exists in html-janitor. An attacker can exploit this vulnerability to bypass the filtering process with the help of the 'sanitized' variable...
html-janitor cross-site scripting vulnerability
html-janitor is a module for controlling and cleaning up HTML. A cross-site scripting vulnerability exists in html-janitor. A remote attacker can exploit this vulnerability by sending attacker-controlled data to the 'clean' function to execute arbitrary JavaScript code...
CVE-2017-0928
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
CVE-2017-0931
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...
CVE-2017-0931
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...
CVE-2017-0928
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
Cross site scripting
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...
CVE-2017-0931
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean accepting user-controlled values...
CVE-2017-0928
CVE-2017-0928 affects the html-janitor node module. The root cause is external control of the _sanitized variable, allowing sanitization bypass and enabling cross-site scripting (XSS). All versions are reported vulnerable (per multiple advisories), with remediation/mitigation guidance to upgrade ...
CVE-2017-0928
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the 'sanitized' variable causing sanitization to be bypassed...
CVE-2017-0931
CVE-2017-0931 is tied to the html-janitor Node.js module and describes an XSS vulnerability when user-controlled data is passed to the clean() function. Affected versions are those prior to 2.0.2. The root cause involves unsafe DOM handling in a sandbox that allows arbitrary JavaScript execution,...
Cross-Site Scripting
Overview: Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS). This is exploitable if user-controlled data is passed into the module's clean function. Recommendation: No fix is currently available for this vulnerability. It is recommended to use an...
Bypassing Sanitization using DOM clobbering
Overview: All versions of html-janitor are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function. Recommendation: Upgrade to version 2.0.4 or later. Reference...