CVE-2017-0928
UNKNOWN
Published 2018-06-04T19:00:00Z
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-0928. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
✓ GitHub Reviewed
MODERATE
Bypassing Sanitization using DOM clobbering in html-janitor
GHSA-fx46-whrj-73v5Advisory Details
All versions of `html-janitor` are vulnerable to cross-site scripting (XSS).
Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function."
## Recommendation
Upgrade to version 2.0.4 or later.
Affected Packages
npm
html-janitor
ECOSYSTEM:
≥0
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: July 24, 2018, Modified: September 12, 2023
Published: 2018-06-04T19:00:00Z
Last Modified: 2024-09-17T04:04:20.635Z
Copied to clipboard!