Cross-Site Scripting in sanitize-html - sanitize-html - GHSA-3j7m-hmh3-9jmp

Description

Affected versions of sanitize-html do not sanitize input recursively, which may allow an attacker to execute arbitrary Javascript.

Recommendation

Update the sanitize-html package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.4.3
• Patched version(s): 1.4.3

References

• GHSA-3j7m-hmh3-9jmp
• raw.githubusercontent.com
• www.npmjs.com
• CVE-2016-1000237
• CWE-79
• CAPEC-310
• OWASP 2021-A3
• OWASP 2021-A6

Related Issues

• Cross-Site Scripting in sanitize-html - sanitize-html - CVE-2017-16016
• Cross-Site Scripting in sanitize-html - CVE-2017-16017
• Bootstrap Cross-site Scripting vulnerability - bootstrap - GHSA-4p24-vmcr-4gqj - CVE-2016-10735
• Cross-Site Scripting in swagger-ui - swagger-ui - GHSA-p239-93f7-h6xf - CVE-2016-5682

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

sanitize-html