search

kampiech / SAST_1

1 stars 1 forks source link

htmlsanitizer.5.0.355.nupkg: 1 vulnerabilities (highest severity is: 6.1) #18

Open mend-bolt-for-github[bot] opened 2 years ago

mend-bolt-for-github[bot] commented 2 years ago
Vulnerable Library - htmlsanitizer.5.0.355.nupkg

Cleans HTML from constructs that can be used for cross site scripting (XSS)

Library home page: https://api.nuget.org/packages/htmlsanitizer.5.0.355.nupkg

Path to dependency file: /SAST.csproj

Path to vulnerable library: /.nuget/packages/htmlsanitizer/5.0.355/htmlsanitizer.5.0.355.nupkg

Found in HEAD commit: 5b9ea51083187e03231256dc8440e7c7573421b3

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in (htmlsanitizer.5.0.355.nupkg version) Remediation Available
CVE-2020-26293 Medium 6.1 htmlsanitizer.5.0.355.nupkg Direct HtmlSanitizer - 5.0.372

Details

CVE-2020-26293 ### Vulnerable Library - htmlsanitizer.5.0.355.nupkg

Cleans HTML from constructs that can be used for cross site scripting (XSS)

Library home page: https://api.nuget.org/packages/htmlsanitizer.5.0.355.nupkg

Path to dependency file: /SAST.csproj

Path to vulnerable library: /.nuget/packages/htmlsanitizer/5.0.355/htmlsanitizer.5.0.355.nupkg

Dependency Hierarchy: - :x: **htmlsanitizer.5.0.355.nupkg** (Vulnerable Library)

Found in HEAD commit: 5b9ea51083187e03231256dc8440e7c7573421b3

Found in base branch: main

### Vulnerability Details

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `