GHSA-hfj4-96f7-6r5g

Suggest an improvement
Source
https://github.com/advisories/GHSA-hfj4-96f7-6r5g
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-hfj4-96f7-6r5g/GHSA-hfj4-96f7-6r5g.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hfj4-96f7-6r5g
Aliases
Published
2018-11-09T17:49:11Z
Modified
2023-11-08T03:58:41.349672Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Cross-Site Scripting in html-janitor
Details

Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS).

This is exploitable if user-controlled data is passed into the modules clean() function.

Recommendation

No fix is currently available for this vulnerability. It is recommended to use an alternative module for HTML sanitization.

Database specific 
{
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:39:59Z",
    "severity": "MODERATE",
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-79"
    ]
}
References

Affected packages

npm / html-janitor

Package

Name
html-janitor
View open source insights on deps.dev
Purl
pkg:npm/html-janitor

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.0.3