Security Advisory

CVE-2019-25225

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-09-08 10:02:42

Last updated 2025-09-08 15:18:19

Assigner Checkmarx

State PUBLISHED

Description

`sanitize-html` prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The `sanitizeHtml()` function in `index.js` does not sanitize content when using the custom `transformTags` option, which is intended to convert attribute values into text. As a result, malicious input can be transformed into executable code.

← Browse all CVEs View on cve.org ↗