SynScan
Home
How it works
Pricing
Vulnerability Database
Breach Intelligence
Search Data
Database Index
Contact
Try it now!
CVE-2016-1000237
Last update: May 9, 2024
Description
sanitize-html before 1.4.3 has XSS.
Affected Software
References
Software
From
Fixed in
apostrophecms / sanitize-html
-
1.4.3
sanitize-html
-
1.4.3
https://github.com/apostrophecms/sanitize-html/commit/762fbc7bba389f3f789cc291c1eb2b64f60f2caf
https://github.com/apostrophecms/sanitize-html/issues/29
https://github.com/punkave/sanitize-html/issues/29
https://nodesecurity.io/advisories/135
https://raw.githubusercontent.com/distributedweaknessfiling/cvelist/master/2016/1000xxx/CVE-2016-1000237.json
https://www.npmjs.com/advisories/135
Details
Severity:
Medium
CVE:
CVE-2016-1000237
GHSA:
GHSA-3j7m-hmh3-9jmp
Published:
Jan 23, 2020
Updated:
May 9, 2024
Exploit:
CVSS v3
Severity:
Medium
Score
: 6.1
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVSS v2
Severity:
Low
Score:
4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWEs
CWE-79
OWASP TOP 10
A7 - Cross-Site Scripting (XSS)