CVE-2019-25225

Published: Sep 8, 2025
Updated: Sep 13, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2019-25225" target="_blank" rel="noopener"> CVE-2019-25225
GHSA: <a href="https://github.com/advisories/GHSA-qhxp-v273-g94h" target="_blank" rel="noopener"> GHSA-qhxp-v273-g94h
Severity: Medium
Exploit:

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml() function in index.js does not sanitize content when using the custom transformTags option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.