2 matches found
CVE-2017-16016
CVE-2017-16016 affects the sanitize-html library. Versions ≤ 1.11.1 are vulnerable to cross-site scripting when allowedTags contains at least one nonTextTag. Root cause is improper sanitization in scenarios using nonTextTags, leading to potential XSS. Impact is mitigated by upgrading to 1.11.4 or...
CVE-2017-16017
The CVE-2017-16017 entry concerns the sanitize-html library where versions 1.2.2 and earlier are vulnerable to cross-site scripting (XSS). The root cause is inadequate sanitization allowing attacker-controlled HTML/input to induce XSS, as documented in multiple sources (e.g., OSV GHSA entry and n...