HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `
Vulnerable Library - htmlsanitizer.5.0.355.nupkg
Cleans HTML from constructs that can be used for cross site scripting (XSS)
Library home page: https://api.nuget.org/packages/htmlsanitizer.5.0.355.nupkg
Path to dependency file: /SAST.csproj
Path to vulnerable library: /.nuget/packages/htmlsanitizer/5.0.355/htmlsanitizer.5.0.355.nupkg
Vulnerabilities
**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation
Details
CVE-2020-26293
### Vulnerable Library - htmlsanitizer.5.0.355.nupkgCleans HTML from constructs that can be used for cross site scripting (XSS)
Library home page: https://api.nuget.org/packages/htmlsanitizer.5.0.355.nupkg
Path to dependency file: /SAST.csproj
Path to vulnerable library: /.nuget/packages/htmlsanitizer/5.0.355/htmlsanitizer.5.0.355.nupkg
Dependency Hierarchy: - :x: **htmlsanitizer.5.0.355.nupkg** (Vulnerable Library)
Found in base branch: main
### Vulnerability DetailsHtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `