Cross-Site Scripting Vulnerability in sanitize-html Library by Punkave
CVE-2017-16017

6.1MEDIUM

Key Information:

Vendor

Hackerone

Status
Sanitize-html Node Module
Vendor
CVE Published:
4 June 2018

What is CVE-2017-16017?

The sanitize-html library, designed to remove malicious HTML input, is vulnerable to cross-site scripting attacks in versions 1.2.2 and below. This flaw allows attackers to inject arbitrary scripts into web applications, potentially leading to unauthorized access to sensitive information or user sessions. It is crucial for developers using this library to upgrade to a secure version to mitigate the risk of exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

sanitize-html node module <=1.2.2

References

https://github.com/punkave/sanitize-html/pull/20
x_refsource_MISC
https://nodesecurity.io/advisories/155
x_refsource_MISC
https://github.com/punkave/sanitize-html/issues/19
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.