The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of special characters in attribute values, a different vulnerability than CVE-2016-9909.
{
"cpe": "cpe:2.3:a:html5lib:html5lib:*:1.0b8:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"last_affected": "0.99999999"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}