npm

Severity: moderate

Cross-Site Scripting

sanitize-html

Overview

Affected versions of sanitize-html do not sanitize input recursively, which may allow an attacker to execute arbitrary JavaScript.
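The failure mode described above, shown as an added example that is not sanitize-html's code and not part of the advisory: a toy tag stripper (hypothetical `stripOnce`, `stripUntilStable`, `isIdempotentOn`) run over constructed input with harmless formatting tags. A single pass can leave a tag that only exists after the pass has run, while a bounded fixed-point loop and an idempotence check catch it.

```javascript
'use strict';
// Toy tag stripper, constructed for illustration only.
// It is NOT how sanitize-html is implemented.
const TAG = /<\/?[a-z][^<>]*>/gi;

// Single pass: removes tags found in the input, never re-checks its own output.
function stripOnce(input) {
  return input.replace(TAG, '');
}

// Fixed point: repeat until a pass changes nothing. The bound keeps
// pathological nesting from turning into unbounded work; such input is rejected.
function stripUntilStable(input, maxPasses = 32) {
  let current = input;
  for (let i = 0; i < maxPasses; i++) {
    const next = stripOnce(current);
    if (next === current) return current;
    current = next;
  }
  throw new Error('input did not stabilise within the pass limit; reject it');
}

// Regression check: sanitizing already-sanitized output must be a no-op.
function isIdempotentOn(sanitize, input) {
  const once = sanitize(input);
  return sanitize(once) === once;
}

// Constructed sample: a tag whose name is split by another tag.
const nested = '<b<i>>bold?</b<i>>';

console.log(stripOnce(nested));                        // a tag survives the single pass
console.log(stripUntilStable(nested));                 // no markup left
console.log(isIdempotentOn(stripOnce, nested));        // false: single pass is unstable
console.log(isIdempotentOn(stripUntilStable, nested)); // true
```

The idempotence check works against any sanitizer function, so it can serve as a regression test around the real library after upgrading to the fixed version.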

Remediation

Update to version 1.4.3 or later.


Advisory timeline

  1. published: Advisory published, Aug 1st, 2016
  2. reported: Initial report by Björn Kimminich, Aug 1st, 2016