CVE-2023-44390

Source
https://cve.org/CVERecord?id=CVE-2023-44390
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44390.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-44390
Aliases
Published
2023-10-05T13:41:20.387Z
Modified
2026-04-10T05:01:39.304275Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
HtmlSanitizer vulnerable to Cross-site Scripting in Foreign Content
Details

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents of constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. where either svg or math is in the list of allowed elements. If an application sanitizes user input with such a configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that the vulnerability is not present in the default configuration, which allows neither element. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).

Database specific
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/44xxx/CVE-2023-44390.json"
}
References

Affected packages

Git / github.com/mganss/htmlsanitizer

Affected ranges

Type
GIT
Repo
https://github.com/mganss/htmlsanitizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v3.*
v3.1.76
v3.1.79
v3.1.91
v3.1.93
v3.1.98
v3.2.100
v3.2.103
v3.2.105
v3.3.122-beta
v3.3.125-beta
v3.3.126-beta
v3.3.127-beta
v3.3.128-beta
v3.3.129-beta
v3.3.130-beta
v3.3.131-beta
v3.3.132-beta
v3.3.134-beta
v3.3.140-beta
v3.3.142
v3.3.143-beta
v3.3.144-beta
v3.3.145-beta
v3.3.146-beta
v3.3.147-beta
v3.3.148-beta
v3.4.152-beta
v3.4.156
v3.5.167-beta
v3.5.168-beta
v3.5.169-beta
v4.*
v4.0.179
v4.0.180
v4.0.181
v4.0.182
v4.0.183
v4.0.185
v4.0.186
v4.0.187
v4.0.188
v4.0.189
v4.0.191
v4.0.192
v4.0.193
v4.0.199
v4.0.201
v4.0.204
v4.0.205
v4.0.207
v4.0.209
v4.0.210
v4.0.211
v4.0.212
v4.0.217
v4.0.219
v4.0.228
v4.0.229
v4.0.230
v5.*
v5.0.233
v5.0.236
v5.0.239
v5.0.244
v5.0.245
v5.0.248
v5.0.249
v5.0.250
v5.0.257
v5.0.260
v5.0.263
v5.0.266
v5.0.269
v5.0.272
v5.0.274
v5.0.277
v5.0.280
v5.0.283
v5.0.287
v5.0.290
v5.0.291
v5.0.292
v5.0.293
v5.0.296
v5.0.297
v5.0.298
v5.0.303
v5.0.304
v5.0.307
v5.0.310
v5.0.313
v5.0.316
v5.0.319
v5.0.322
v5.0.325
v5.0.328
v5.0.331
v5.0.332
v5.0.342
v5.0.343
v5.0.354
v5.0.355
v5.0.358
v5.0.363
v5.0.364
v5.0.365
v5.0.366
v5.0.367
v5.0.368
v5.0.371
v5.0.372
v5.0.376
v5.0.379
v5.0.382
v5.0.385
v5.0.388
v5.0.391
v5.0.392
v5.0.395
v6.*
v6.0.409
v6.0.423
v6.0.430
v6.0.437
v6.0.441
v6.0.453
v7.*
v7.0.470
v7.0.473
v7.1.475
v7.1.488
v7.1.509
v7.1.512
v7.1.542
v8.*
v8.0.601
v8.0.645
v8.0.692
v8.0.718

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44390.json"