
4 matches found

Veracode
added 2026/02/13 3:37 p.m., 3 views

Improper Encoding Or Escaping Of Output

HtmlSanitizer is vulnerable to Improper Encoding or Escaping of Output. The vulnerability is due to improper sanitization of content inside the allowed tag, which allows an attacker to inject malicious scripts that can execute when the shadowrootmode attribute is set...

CVSS: 6.3 | AI score: 5.6 | EPSS: 0.00017
Exploits: 0 | References: 7 | Affected Software: 1
NVD
added 2026/02/04 10:16 p.m., 2 views

CVE-2026-25543

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its...

CVSS: 6.3 | EPSS: 0.00017
Exploits: 0 | References: 4
Github Security Blog
added 2026/02/03 7:22 p.m., 8 views

HtmlSanitizer has a bypass via template tag

Impact: If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVSS: 6.3 | AI score: 5.4 | EPSS: 0.00017
Exploits: 0 | References: 8 | Affected Software: 1
OSV
added 2026/02/03 7:22 p.m., 0 views

GHSA-J92C-7V7G-GJ3F HtmlSanitizer has a bypass via template tag

Impact: If the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. The lack of sanitization of the template tag brings up two bypasses: 1. it is still...

CVSS: 6.3 | AI score: 5.4 | EPSS: 0.00017
Exploits: 0 | References: 8