CVE-2017-16016 - AskarLabs CVE Database

CVE-2017-16016

Vendor Hackerone

Product sanitize-html node module

Weakness CWE-79 · XSS

Published June 4, 2018

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTags, the result is a potential XSS vulnerability.

Key dates

02Disclosure timeline

June 4, 2018 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-16016

Related vulnerabilities

04Related CVE

CVE-2018-16887 CVE-2026-47933 ColdFusion | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-11806 PKT1 Centro de envios <= 1.2.1 - Reflected Cross-Site Scripting CVE-2026-23630 Docmost is vulnerable to stored Cross-Site Scripting (XSS) through Mermaid rendering CVE-2024-35705 WordPress Block for Font Awesome plugin <= 1.4.4 - Cross Site Scripting (XSS) vulnerability