CVE-2023-44390

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-44390
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-44390.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-44390
Aliases
Published
2023-10-05T14:15:09Z
Modified
2024-05-15T01:18:40.504197Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
[none]
Details

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents of constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. when either svg or math is in the list of allowed elements. If an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. The vulnerability is not present in the default configuration. It has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).

References

Affected packages

Git / github.com/mganss/htmlsanitizer

Affected ranges

Type
GIT
Repo
https://github.com/mganss/htmlsanitizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v2.*

v2.0

v3.*

v3.0-beta
v3.1.76
v3.1.79
v3.1.91
v3.1.93
v3.1.98
v3.2.100
v3.2.103
v3.2.105
v3.3.122-beta
v3.3.125-beta
v3.3.126-beta
v3.3.127-beta
v3.3.128-beta
v3.3.129-beta
v3.3.130-beta
v3.3.131-beta
v3.3.132-beta
v3.3.134-beta
v3.3.140-beta
v3.3.142
v3.3.143-beta
v3.3.144-beta
v3.3.145-beta
v3.3.146-beta
v3.3.147-beta
v3.3.148-beta
v3.4.152-beta
v3.4.156
v3.5.167-beta
v3.5.168-beta
v3.5.169-beta

v4.*

v4.0.179
v4.0.180
v4.0.181
v4.0.182
v4.0.183
v4.0.185
v4.0.186
v4.0.187
v4.0.188
v4.0.189
v4.0.190
v4.0.191
v4.0.192
v4.0.193
v4.0.195
v4.0.197
v4.0.198
v4.0.199
v4.0.200
v4.0.201
v4.0.202
v4.0.203
v4.0.204
v4.0.205
v4.0.207
v4.0.209
v4.0.210
v4.0.211
v4.0.212
v4.0.217
v4.0.219
v4.0.220
v4.0.222
v4.0.224
v4.0.228
v4.0.229
v4.0.230

v5.*

v5.0.214
v5.0.215
v5.0.216
v5.0.218
v5.0.233
v5.0.234
v5.0.236
v5.0.237
v5.0.239
v5.0.240
v5.0.242
v5.0.244
v5.0.245
v5.0.246
v5.0.248
v5.0.249
v5.0.250
v5.0.251
v5.0.257
v5.0.258
v5.0.260
v5.0.261
v5.0.263
v5.0.264
v5.0.266
v5.0.267
v5.0.269
v5.0.270
v5.0.272
v5.0.274
v5.0.275
v5.0.277
v5.0.278
v5.0.280
v5.0.281
v5.0.283
v5.0.284
v5.0.287
v5.0.288
v5.0.290
v5.0.291
v5.0.292
v5.0.293
v5.0.294
v5.0.296
v5.0.297
v5.0.298
v5.0.303
v5.0.304
v5.0.305
v5.0.307
v5.0.308
v5.0.310
v5.0.311
v5.0.313
v5.0.314
v5.0.316
v5.0.317
v5.0.319
v5.0.320
v5.0.322
v5.0.323
v5.0.325
v5.0.326
v5.0.328
v5.0.329
v5.0.331
v5.0.332
v5.0.341
v5.0.342
v5.0.343
v5.0.344
v5.0.346
v5.0.347
v5.0.349
v5.0.350
v5.0.352
v5.0.353
v5.0.354
v5.0.355
v5.0.358
v5.0.359
v5.0.361
v5.0.363
v5.0.364
v5.0.365
v5.0.366
v5.0.367
v5.0.368
v5.0.369
v5.0.371
v5.0.372
v5.0.373
v5.0.375
v5.0.376
v5.0.377
v5.0.379
v5.0.380
v5.0.382
v5.0.383
v5.0.385
v5.0.386
v5.0.388
v5.0.389
v5.0.391
v5.0.392
v5.0.395
v5.0.398
v5.0.400
v5.0.401
v5.0.403
v5.0.404

v6.*

v6.0.409
v6.0.423
v6.0.430
v6.0.437
v6.0.441
v6.0.453

v7.*

v7.0.470
v7.0.473
v7.1.475
v7.1.488
v7.1.509
v7.1.512
v7.1.542

v8.*

v8.0.601
v8.0.645
v8.0.692
v8.0.718