Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-fx46-whrj-73v5

GitHub Security Advisory

Bypassing Sanitization using DOM clobbering in html-janitor

✓ GitHub Reviewed MODERATE Has CVE
View on GitHub

Advisory Details

All versions of `html-janitor` are vulnerable to cross-site scripting (XSS).

Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function."

## Recommendation

Upgrade to version 2.0.4 or later.

Affected Packages

npm html-janitor
Affected versions: 0

Related CVEs

CVE-2017-0928

Key Information

GHSA ID
GHSA-fx46-whrj-73v5
Published
July 24, 2018 8:06 PM
Last Modified
September 12, 2023 8:47 PM
CVSS Score
5.0 /10
Primary Ecosystem
npm
Primary Package
html-janitor
GitHub Reviewed
✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.