EPSS Percentile: 32.0%
sanitize is vulnerable to Cross-Site Scripting (XSS). Due to improper sanitization, an attacker is able to inject and execute arbitrary HTML in the victim's browser when the library is configured with a custom allowlist that allows noscript elements.
github.com/rgrove/sanitize/commit/ec14265e530dc3fe31ce2ef773594d3a97778d22
github.com/rgrove/sanitize/security/advisories/GHSA-fw3g-2h3j-qmm7