4 matches found
CVE-2023-44390
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...
CVE-2023-44390 HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. In the case an application sanitizes us...
CVE-2023-44390
HtmlSanitizer is a .NET library for cleaning HTML; vulnerability arises when foreign content is allowed (svg or math in the allowed list), enabling bypass of sanitization and injection of arbitrary HTML/JavaScript. Default configuration is not affected. Affected versions and fix: fixed in 8.0.723...
GHSA-43CP-6P3Q-2PC4 HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Impact: The vulnerability occurs in configurations where foreign content is allowed, i.e. either svg or math are in the list of allowed elements. Specifically, the requirements for the vulnerability are: 1. Allowing one foreign element: svg, or math; 2. Comments or one raw text element: iframe,...