Hello,
we currently see this issue popping up in multiple security systems.
https://snyk.io/vuln/npm:sanitize-html
The sanitize-html package is vulnerable to Cross-Site Scripting (XSS). When sanitizing HTML tags that have been modified using a custom tag transformation, the opentag function in index.js fails to sanitize HTML attributes. If an application uses custom tag transformations, and places user input in an HTML attribute, an attacker can exploit this vulnerability by supplying malicious JavaScript in the input field and enticing a victim to visit the resulting page.
#156
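Added example, not part of the original issue and not sanitize-html's source: a simplified model of the open-tag step described in the advisory, showing the flawed ordering (transformed tags skip attribute filtering) beside a hardened one that always filters and escapes after the transform. All function names, the allowlist and the sample input are hypothetical and constructed for illustration.

```javascript
// Simplified model of a sanitizer's open-tag step. All names are hypothetical.
const ALLOWED_ATTRS = { a: ['href', 'title'] };

function escapeAttr(value) {
  return String(value).replace(/&/g, '&amp;').replace(/</g, '&lt;')
    .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
}

// Keep only allowlisted attributes for the tag and escape their values.
function filterAttrs(tagName, attribs) {
  const allowed = ALLOWED_ATTRS[tagName] || [];
  return Object.entries(attribs)
    .filter(([name]) => allowed.includes(name.toLowerCase()))
    .map(([name, value]) => ` ${name}="${escapeAttr(value)}"`)
    .join('');
}

// Application-defined transform that copies user input into an attribute.
function makeTransform(userTitle) {
  return (tagName, attribs) => ({ tagName: 'a', attribs: { ...attribs, title: userTitle } });
}

// Flawed ordering: a transformed tag is serialized without filtering or escaping.
function openTagFlawed(tagName, attribs, transform) {
  if (!transform) return `<${tagName}${filterAttrs(tagName, attribs)}>`;
  const t = transform(tagName, attribs);
  const raw = Object.entries(t.attribs).map(([n, v]) => ` ${n}="${v}"`).join('');
  return `<${t.tagName}${raw}>`;
}

// Hardened ordering: transform first, then always filter and escape the result.
function openTagHardened(tagName, attribs, transform) {
  const t = transform ? transform(tagName, attribs) : { tagName, attribs };
  return `<${t.tagName}${filterAttrs(t.tagName, t.attribs)}>`;
}

// Attribute names a parser would see in the serialized open tag.
function attrNames(openTag) {
  return [...openTag.matchAll(/\s([^\s=]+)="[^"]*"/g)].map((m) => m[1]);
}

// Constructed input: a quote that tries to close the attribute and add another one.
const transform = makeTransform('x" data-injected="1');
const flawed = openTagFlawed('span', { href: '/p', style: 'color:red' }, transform);
const hardened = openTagHardened('span', { href: '/p', style: 'color:red' }, transform);
console.log(attrNames(flawed));   // non-allowlisted and injected names survive
console.log(attrNames(hardened)); // only allowlisted names remain
```

The same `attrNames` comparison works as a regression test against any sanitizer configuration that uses tag transforms: feed it the serialized output and assert that no attribute outside the allowlist appears.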