Security Advisory

CVE-2014-125128

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-08 10:09:25
Last updated 2025-09-08 13:43:33
Assigner Checkmarx
State PUBLISHED

Description

sanitize-html prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function `naughtyHref` does not properly validate the hypertext reference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that use different casings, whitespace characters, or hexadecimal encodings.
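A scheme check resists the three bypass classes named above only if the value is normalized before it is tested. The following is an added example, not sanitize-html's code: `isSafeHref`, `decodeReferences` and the scheme allowlist are assumptions, and the sample inputs are constructed.

```javascript
// Added example; all names here are hypothetical, not sanitize-html's API.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']); // assumed allowlist

// Named references that decode to characters which matter inside a scheme.
const NAMED = { colon: ':', Tab: '\t', NewLine: '\n' };

// Decode, in one pass, the character references a browser resolves in an
// attribute value: decimal and hex numeric forms (semicolon optional) and NAMED.
function decodeReferences(s) {
  return s.replace(/&(?:#([xX][0-9a-fA-F]+|[0-9]+);?|(colon|Tab|NewLine);)/g,
    (match, num, name) => {
      if (name) return NAMED[name];
      const n = /^x/i.test(num) ? parseInt(num.slice(1), 16) : parseInt(num, 10);
      return n <= 0x10ffff ? String.fromCodePoint(n) : '';
    });
}

// Returns true when href is scheme-less (relative) or uses an allowed scheme.
function isSafeHref(href) {
  const normalized = decodeReferences(String(href))
    // Drop every control character and space. This is stricter than a
    // browser's URL parser, so ambiguous values fail closed.
    .replace(/[\u0000-\u0020\u007f]+/g, '')
    .toLowerCase();
  const m = normalized.match(/^([a-z][a-z0-9+.-]*):/);
  if (!m) return true; // no scheme: relative or fragment-only link
  return ALLOWED_SCHEMES.has(m[1]);
}

// Constructed inputs, one per bypass class from the description.
const SAMPLES = [
  'https://example.com/',        // plain allowed link
  '/docs/page#top',              // relative link
  'JaVaScRiPt:void(0)',          // mixed casing
  ' java\tscript:void(0)',       // embedded whitespace
  '&#x6A;avascript:void(0)',     // hexadecimal character reference
  'javascript&colon;void(0)',    // named reference for the colon
];

// Map each sample to the verdict a sanitizer would act on.
function classify(samples) {
  return samples.map((s) => ({ href: s, keep: isSafeHref(s) }));
}

console.log(classify(SAMPLES));
```

A sanitizer would drop the `href` attribute whenever `keep` is false rather than try to repair the value.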