NuGet package
htmlsanitizer
pkg:nuget/htmlsanitizer
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-25543 | — | < 9.0.892 | 9.0.892 | Feb 4, 2026 | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usua | ||
| CVE-2023-44390 | — | < 8.0.723 | 8.0.723 | Oct 5, 2023 | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an app | ||
| CVE-2020-26293 | — | < 5.0.372 | 5.0.372 | Jan 4, 2021 | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `` tag, an attacker c |
- CVE-2026-25543Feb 4, 2026affected < 9.0.892fixed 9.0.892
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usua
- CVE-2023-44390Oct 5, 2023affected < 8.0.723fixed 8.0.723
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an app
- CVE-2020-26293Jan 4, 2021affected < 5.0.372fixed 5.0.372
HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `` tag, an attacker c