Sanitize-html Security Vulnerabilities and Issues — Sanitize-html CVE List

Lucene search

ApostrophecmsSanitize-html

5 matches found

CVE•added 2024/02/24 5:15 a.m.•201 views

CVE-2024-21501

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details abou...

5.3CVSS5AI score0.01341EPSS

CVE•added 2021/02/08 5:15 p.m.•133 views

CVE-2021-26539

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the "allowedIframeHostnames" option.

5.3CVSS5AI score0.00288EPSS

CVE•added 2022/08/30 5:15 a.m.•127 views

CVE-2022-25887

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regular expression replacement logic of HTML comment removal.

7.5CVSS6.1AI score0.00051EPSS

CVE•added 2021/02/08 5:15 p.m.•78 views

CVE-2021-26540

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows attackers to bypass hostname whitelist for iframe element, related using an src value that starts wi...

5.3CVSS5.1AI score0.00288EPSS

CVE•added 2020/01/23 3:15 p.m.•40 views

CVE-2016-1000237

sanitize-html before 1.4.3 has XSS.

6.1CVSS6.2AI score0.00328EPSS