Description
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
Remediation
References
https://github.com/guardian/html-janitor/issues/34
https://hackerone.com/reports/308155
Related Vulnerabilities
CVE-2022-31170 Vulnerability in maven package org.webjars.npm:openzeppelin__contracts-upgradeable
CVE-2020-15215 Vulnerability in maven package org.webjars.npm:electron
CVE-2021-23470 Vulnerability in npm package putil-merge
CVE-2023-30363 Vulnerability in npm package vconsole
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-api