ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions

'sanitize-html' prior to version 1.0.3 is vulnerable to Cross-site Scripting (XSS). The function 'naughtyHref' doesn't properly va

sanitize-html prior to version 2.0.0-beta is vulnerable to Cross-site Scripting (XSS). The sanitizeHtml() function in `index.j

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the s

The package sanitize-html before 2.7.1 are vulnerable to Regular Expression Denial of Service (ReDoS) due to insecure global regul

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" op

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow

sanitize-html before 1.4.3 has XSS.

sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vuln

Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site sc