CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

1 matches found

Github Security Blog•added 2018/11/09 5:47 p.m.•18 views

Cross-Site Scripting in sanitize-html

Affected versions of sanitize-html are vulnerable to cross-site scripting when allowedTags includes at least one nonTextTag. Proof of Concept js var sanitizeHtml = require'sanitize-html'; var dirty = '!/textarea!'; var clean = sanitizeHtmldirty, allowedTags: 'textarea' ; console.logclean; // !!...

6.1CVSS5.8AI score0.00286EPSS

Exploits1References7Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by