CVE-2016-1000237 — Cross-site Scripting in Sanitize-html

CWE-79 — Cross-site Scripting3 documents3 sources

Severity

6.1MEDIUM

No vector

EPSS

0.3%

top 44.16%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apostrophecms Sanitize-html

Timeline

PublishedApr 16

Description

Cross-Site Scripting in sanitize-html Affected versions of `sanitize-html` do not sanitize input recursively, which may allow an attacker to execute arbitrary Javascript. ## Recommendation Update to version 1.4.3 or later.

Affected Packages1 packages

▶npmapostrophecms/sanitize-html< 1.4.3

🔴Vulnerability Details

OSV

Cross-Site Scripting in sanitize-html↗2020-04-16

▶

GHSA

Cross-Site Scripting in sanitize-html↗2020-04-16

▶

📋Vendor Advisories

Debian

CVE-2016-1000237: node-sanitize-html - sanitize-html before 1.4.3 has XSS.↗2016

▶