Description
All versions of html-janitor are vulnerable to cross-site scripting (XSS).
Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function.”
Recommendation
No fix is available yet. Followings are affected versions:
- < 2.0.4
References
- GHSA-fx46-whrj-73v5
- hackerone.com
- www.npmjs.com
- CVE-2017-0928
- CWE-547
- CWE-642
- CAPEC-310
- OWASP 2021-A4
- OWASP 2021-A5
- OWASP 2021-A6
Related Issues
- Vite's `server.fs` settings were not applied to HTML files - CVE-2025-58752
- Trix editor subject to XSS vulnerabilities on copy & paste - CVE-2024-53847
- Knwl.js Regular Expression Denial of Service vulnerability - CVE-2020-26306
- VvvebJs Reflected Cross-Site Scripting (XSS) vulnerability - CVE-2024-29271
- Tags:
- npm
- html-janitor
Anything's wrong? Let us know Last updated on September 12, 2023