sanitize is vulnerable to cross-site scripting (XSS) attacks. The vulnerability can occur under specific conditions when sanitize is used with libxml2 >= 2.9.2. Output is improperly sanitized: a given HTML fragment, when parsed by libxml2, can produce non-whitelisted attributes in the result.
CPE

Name | Operator | Version
---|---|---
sanitize | le | 1.3.0.dev.20101210
sanitize | le | 4.6.2
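
To check a project against the two conditions above (sanitize at or below 4.6.2, libxml2 at or above 2.9.2), the following added example, which is not part of the advisory or of the sanitize project, reads the resolved sanitize version out of `Gemfile.lock` text. The helper names `locked_version` and `exposed?` are hypothetical, the lockfile is a constructed sample, and the libxml2 version is assumed to be supplied by the caller.

```ruby
require "rubygems" # Gem::Version (loaded by default in modern Ruby)

# Bounds taken from the advisory text and table above.
SANITIZE_LAST_AFFECTED = Gem::Version.new("4.6.2")
LIBXML2_FIRST_AFFECTED = Gem::Version.new("2.9.2")

# Constructed sample lockfile (not from a real project).
SAMPLE_LOCKFILE = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      crass (1.0.6)
      nokogiri (1.8.0)
        mini_portile2 (~> 2.2.0)
      sanitize (4.6.2)
        crass (~> 1.0.2)
        nokogiri (>= 1.4.4)

  DEPENDENCIES
    sanitize
LOCK

# Hypothetical helper: return the resolved version of `gem_name` from the
# "specs:" section of Gemfile.lock text, or nil if the gem is not locked.
def locked_version(lockfile_text, gem_name)
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # next top-level section ends the specs block
      in_specs = false
    elsif in_specs && (m = line.match(/\A    (\S+) \(([^)]+)\)\s*\z/))
      # Four spaces = resolved gem; six spaces = a dependency constraint.
      return Gem::Version.new(m[2]) if m[1] == gem_name
    end
  end
  nil
end

# Both advisory conditions must hold: sanitize at or below the last affected
# release AND libxml2 at or above 2.9.2.
def exposed?(lockfile_text, libxml2_version)
  sanitize = locked_version(lockfile_text, "sanitize")
  return false if sanitize.nil?
  sanitize <= SANITIZE_LAST_AFFECTED &&
    Gem::Version.new(libxml2_version) >= LIBXML2_FIRST_AFFECTED
end

puts exposed?(SAMPLE_LOCKFILE, "2.9.4")
```

The libxml2 version that Nokogiri actually loaded is reported by `nokogiri -v`.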