Description
Affected versions of sanitize-html are vulnerable to cross-site scripting.
Recommendation
Update the sanitize-html package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.2.3
- Patched version(s): 1.2.3
References
Related Issues
- sanitize-html is vulnerable to XSS through incomprehensive sanitization - CVE-2019-25225
- webfinger.js Blind SSRF Vulnerability - CVE-2025-54590
- files.photo.gallery command injection - CVE-2024-53615
- Potential XSS vulnerability in jQuery - CVE-2020-11023
- Tags:
- npm
- sanitize-html
Anything's wrong? Let us know Last updated on September 08, 2023