kampiech / SAST_1


htmlsanitizer.5.0.355.nupkg: 1 vulnerabilities (highest severity is: 6.1) #35

Open mend-bolt-for-github[bot] opened 2 weeks ago

mend-bolt-for-github[bot] commented 2 weeks ago
Vulnerable Library - htmlsanitizer.5.0.355.nupkg

Cleans HTML from constructs that can be used for cross site scripting (XSS)

Library home page: https://api.nuget.org/packages/htmlsanitizer.5.0.355.nupkg

Path to dependency file: /SAST.csproj

Path to vulnerable library: /.nuget/packages/htmlsanitizer/5.0.355/htmlsanitizer.5.0.355.nupkg

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (htmlsanitizer.5.0.355.nupkg version) | Remediation Possible** |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2020-26293 | Medium | 6.1 | htmlsanitizer.5.0.355.nupkg | Direct | HtmlSanitizer - 5.0.372 | |

**In some cases, Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation

Details

**CVE-2020-26293**

### Vulnerable Library - htmlsanitizer.5.0.355.nupkg

Dependency Hierarchy:
- :x: **htmlsanitizer.5.0.355.nupkg** (Vulnerable Library)

Found in base branch: main

### Vulnerability Details

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. In HtmlSanitizer before version 5.0.372, there is a possible XSS bypass if style tag is allowed. If you have explicitly allowed the `
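The report gives two facts a triage needs: the fixed version (5.0.372, from the "Fixed in" column) and the precondition for the bypass (the `style` tag has been explicitly allowed). The script below, an added example and not part of the Mend report or the HtmlSanitizer project, turns those into a repeatable check: it reads `PackageReference` entries from a .csproj and flags an HtmlSanitizer version below 5.0.372, then greps the C# sources for the configuration that opts the `style` tag in. The .csproj and C# fragments are constructed samples (the real `/SAST.csproj` is not reproduced on the page); the `AllowedTags.Add("style")` pattern is the call this check assumes a project would use to allow the tag, and plain dotted versions (no NuGet range syntax) are assumed.

```python
"""Triage CVE-2020-26293 (HtmlSanitizer < 5.0.372, <style> allowed) in a .NET project.

Added example, not the Mend report's own tooling. Two inputs are checked:
  1. the .csproj: is HtmlSanitizer referenced below the fixed version?
  2. the C# sources: is the <style> tag explicitly allowed (the bypass precondition)?
"""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = "5.0.372"  # "Fixed in" column of the report

# Constructed sample; /SAST.csproj itself is not on the page.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="HtmlSanitizer" Version="5.0.355" />
    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>
</Project>
"""

# Constructed sample of the configuration the report warns about
# (assumed pattern: the project's own code is not on the page).
SAMPLE_CS = """using Ganss.XSS;
var sanitizer = new HtmlSanitizer();
sanitizer.AllowedTags.Add("style");   // explicitly allows <style>
var clean = sanitizer.Sanitize(untrusted);
"""

# Matches AllowedTags.Add("style"); whitespace-tolerant, case-sensitive like C#.
STYLE_ALLOWED = re.compile(r'AllowedTags\s*\.\s*Add\s*\(\s*"style"\s*\)')


def parse_version(version):
    """Turn a plain NuGet version into a comparable tuple.

    Pre-release ("-beta") and build metadata ("+sha") suffixes are dropped;
    range syntax such as "[5.0.355,)" is out of scope for this example.
    """
    core = version.split("-", 1)[0].split("+", 1)[0]
    return tuple(int(part) for part in core.split("."))


def package_references(csproj_xml):
    """Map lower-cased package id -> version string for every PackageReference."""
    root = ET.fromstring(csproj_xml)
    refs = {}
    for element in root.iter("PackageReference"):
        name = element.get("Include")
        # Version may be an attribute or a child element in SDK-style projects.
        version = element.get("Version") or (element.findtext("Version") or "").strip()
        if name and version:
            refs[name.lower()] = version
    return refs


def htmlsanitizer_finding(csproj_xml, fixed=FIXED_VERSION):
    """Return the referenced HtmlSanitizer version if it is below `fixed`, else None."""
    version = package_references(csproj_xml).get("htmlsanitizer")
    if version is None or parse_version(version) >= parse_version(fixed):
        return None
    return version


def allows_style_tag(cs_source):
    """True if the source explicitly adds "style" to the sanitizer's allowed tags."""
    return STYLE_ALLOWED.search(cs_source) is not None


def triage(csproj_xml, cs_source):
    """Classify the project against the report.

    "not_affected": HtmlSanitizer absent or already >= 5.0.372
    "exposed":      vulnerable version AND <style> explicitly allowed (bypass reachable)
    "upgrade":      vulnerable version, <style> not allowed in the scanned source;
                    still upgrade, since the precondition is one config line away
    """
    if htmlsanitizer_finding(csproj_xml) is None:
        return "not_affected"
    return "exposed" if allows_style_tag(cs_source) else "upgrade"


if __name__ == "__main__":
    version = htmlsanitizer_finding(SAMPLE_CSPROJ)
    print(f"HtmlSanitizer {version}: {triage(SAMPLE_CSPROJ, SAMPLE_CS)}")
```

The "upgrade" outcome is deliberate: a project that does not allow `style` today is not exploitable via this CVE, but the fix is a version bump with no API change, so the check never reports a sub-5.0.372 reference as clean. To run it against a real repository, replace the constructed samples with the contents of the .csproj and the concatenated `.cs` files.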