GHSA-hfj4-96f7-6r5g

GitHub Security Advisory

Cross-Site Scripting in html-janitor

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Versions of `html-janitor` prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS).

This is exploitable if user-controlled data is passed into the module's `clean()` function.

## Recommendation

No fix is currently available for this vulnerability. It is recommended to use an alternative module for HTML sanitization.

Affected Packages

npm html-janitor
Affected versions: 0 (fixed in 2.0.3)
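
To check whether a project resolves `html-janitor` inside the range listed above, the following added example (not part of the advisory or of the html-janitor project) scans a parsed `package-lock.json` for every installed copy below 2.0.3. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag html-janitor entries in a parsed package-lock.json.
const PKG = 'html-janitor';
const FIXED = [2, 0, 3]; // "fixed in" version from the advisory's Affected Packages entry

// Compare the numeric major.minor.patch core; pre-release/build suffixes are ignored,
// so "2.0.3-beta.1" counts as 2.0.3 here (a simplification of full semver ordering).
function isAffected(version) {
  const core = String(version).split(/[-+]/)[0].split('.').map(Number);
  if (core.length !== 3 || core.some(Number.isNaN)) return true; // unparseable (git/URL): review by hand
  for (let i = 0; i < 3; i++) {
    if (core[i] !== FIXED[i]) return core[i] < FIXED[i];
  }
  return false; // exactly the fixed version
}

// Returns [{ path, version }] for every resolved copy in the affected range.
function findAffected(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.split('node_modules/').pop() === PKG && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  if (lock.packages) return hits;
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/html-janitor': { version: '2.0.2' },
    'node_modules/editor/node_modules/html-janitor': { version: '2.0.4' },
    'node_modules/html-janitor-extra': { version: '1.0.0' },
  },
};
console.log(findAffected(sampleLock));
```

Nested paths in the result show which parent dependency pulls the package in, which is where a replacement or override has to be applied.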

Key Information

GHSA ID: GHSA-hfj4-96f7-6r5g
Published: November 9, 2018 5:49 PM
Last Modified: September 12, 2023 9:02 PM
CVSS Score: 5.0 / 10
Primary Ecosystem: npm
Primary Package: html-janitor
GitHub Reviewed: ✓ Yes

Dataset

Last updated: July 3, 2025 6:26 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.