GHSA-hfj4-96f7-6r5g

Source

https://github.com/advisories/GHSA-hfj4-96f7-6r5g

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-hfj4-96f7-6r5g/GHSA-hfj4-96f7-6r5g.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hfj4-96f7-6r5g

Aliases

CVE-2017-0931

Published

2018-11-09T17:49:11Z

Modified

2023-11-08T03:58:41.349672Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Cross-Site Scripting in html-janitor

Details

Versions of html-janitor prior to 2.0.2 (all current versions) are vulnerable to cross-site scripting (XSS).

This is exploitable if user-controlled data is passed into the modules clean() function.

Recommendation

No fix is currently available for this vulnerability. It is recommended to use an alternative module for HTML sanitization.

Database specific

{
    "nvd_published_at": null,
    "severity": "MODERATE",
    "github_reviewed_at": "2020-06-16T21:39:59Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ]
}

References

Affected packages

npm / html-janitor

Package

Name: html-janitor; View open source insights on deps.dev
Purl: pkg:npm/html-janitor

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0.3