VYPR
Unrated severityNVD Advisory· Published Sep 8, 2025· Updated Sep 8, 2025

CVE-2014-125128

CVE-2014-125128

Description

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly validate the hyperreference (href) attribute in anchor tags (``), allowing bypasses that contain different casings, whitespace characters, or hexadecimal encodings.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.