Cross-Site Scripting Vulnerability in Sanitize-HTML Library by Punkave
CVE-2017-16016
6.1MEDIUM
What is CVE-2017-16016?
The sanitize-html library versions up to 1.11.1 are prone to cross-site scripting attacks in specific contexts. If the library is configured to allow any non-text HTML tags, it does not adequately sanitize certain HTML input, leading to potential XSS vulnerabilities. This flaw could enable attackers to inject malicious scripts, compromising web application security and end-user data. Developers using affected versions should upgrade to the latest version to mitigate this vulnerability.
Affected Version(s)
sanitize-html node module <=1.11.1