CVE-2017-16017Cross-site Scripting in Sanitize-html

CWE-79Cross-site Scripting5 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.3%
top 50.06%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Apostrophecms Sanitize-htmlPunkave Sanitize-htmlHackerone Sanitize-html Node Module
Timeline
PublishedJun 4
Latest updateNov 9

Description

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

🔴Vulnerability Details

3
OSV
Cross-Site Scripting in sanitize-html2018-11-09
GHSA
Cross-Site Scripting in sanitize-html2018-11-09
CVEList
CVE-2017-16017: sanitize-html is a library for scrubbing html input for malicious values Versions 12018-06-04

📋Vendor Advisories

1
Debian
CVE-2017-16017: node-sanitize-html - sanitize-html is a library for scrubbing html input for malicious values Version...2017
CVE-2017-16017 — Cross-site Scripting in Sanitize-html | cvebase