npm package
html-janitor
pkg:npm/html-janitor
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-0931 | — | < 2.0.3 | 2.0.3 | Jun 4, 2018 | html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values. | ||
| CVE-2017-0928 | — | >= 0 | — | Jun 4, 2018 | html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed. |
- CVE-2017-0931Jun 4, 2018affected < 2.0.3fixed 2.0.3
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
- CVE-2017-0928Jun 4, 2018affected >= 0
html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.