CVE-2014-125128

Publication date

2025-09-08 10:09:25

Family

Checkmarx

State

PUBLISHED

Description

sanitize-html prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function `naughtyHref` does not properly validate the hyperreference (`href`) attribute in anchor tags (`<a>`), allowing bypasses that use different casings, whitespace characters, or hexadecimal encodings.
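A scheme check that normalizes the value before comparing it against an allowlist covers the three bypass classes named above. The following is an added example, not sanitize-html's own code: `isNaughtyHref`, `decodeNumericRefs`, the `ALLOWED_SCHEMES` policy and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper, not sanitize-html's naughtyHref.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']); // assumed policy

// Decode numeric character references (&#x6A; or &#106;), with or without ';'.
function decodeNumericRefs(s) {
  return s.replace(/&#(?:x([0-9a-f]+)|([0-9]+));?/gi, (m, hex, dec) => {
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : '';
  });
}

function isNaughtyHref(href) {
  // Normalize at least as aggressively as a browser does before it reads
  // the scheme: decode references, drop whitespace/control chars, lower-case.
  const url = decodeNumericRefs(String(href))
    .replace(/[\u0000-\u0020\u007f]/g, '')
    .toLowerCase();
  // Only the part before the first '/', '?' or '#' can hold a scheme.
  const head = url.split(/[\/?#]/, 1)[0];
  const colon = head.indexOf(':');
  if (colon === -1) {
    // No scheme: a relative URL. A leftover '&' here is an undecoded
    // reference that could still turn into a scheme later, so reject it.
    return head.includes('&');
  }
  // Default deny: any scheme that is not explicitly allowed is rejected.
  return !ALLOWED_SCHEMES.has(head.slice(0, colon));
}

// Constructed sample inputs, one per bypass class from the description.
const SAMPLES = [
  'https://example.com/',      // allowed scheme
  '/docs/page?x=1&y=2',        // relative URL
  'JaVaScRiPt:void(0)',        // mixed casing
  ' \tjava\nscript:void(0)',   // whitespace characters
  '&#x6A;avascript:void(0)',   // hexadecimal encoding
];

function checkSamples() {
  return SAMPLES.map((s) => isNaughtyHref(s));
}

console.log(checkSamples()); // [ false, false, true, true, true ]
```

The check rejects anything it cannot classify rather than listing known-bad schemes, so a scheme that is merely unfamiliar (for example `data:`) is refused as well.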