bluemonday sanitizer is vulnerable to cross-site scripting. The vulnerability exists due to a lack of proper enforcement of policies which allows an attacker to inject maliciously crafted code via the SELECT
, STYLE
, and OPTION
tag.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/microcosm-cc/bluemonday | le | v1.10.15 | |
pybluemonday | le | 0.0.7 | |
github.com/microcosm-cc/bluemonday | le | v1.10.15 | |
pybluemonday | le | 0.0.7 |