Description
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.
Remediation
References
https://github.com/punkave/sanitize-html/commit/5d205a1005ba0df80e21d8c64a15bb3accdb2403
https://github.com/punkave/sanitize-html/issues/100
https://nodesecurity.io/advisories/154
Related Vulnerabilities
CVE-2020-26226 Vulnerability in npm package semantic-release
CVE-2019-12400 Vulnerability in maven package org.apache.santuario:xmlsec
CVE-2021-25329 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2020-36732 Vulnerability in maven package org.webjars.bowergithub.brix:crypto-js
CVE-2018-1272 Vulnerability in maven package org.springframework:spring-core