Description
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
Remediation
References
https://github.com/guardian/html-janitor/issues/34
https://hackerone.com/reports/308155
Related Vulnerabilities
CVE-2021-23412 Vulnerability in npm package gitlogplus
CVE-2020-28270 Vulnerability in npm package object-hierarchy-access
CVE-2020-11023 Vulnerability in maven package org.webjars.bowergithub.jquery:jquery
CVE-2022-1295 Vulnerability in npm package fullpage.js
CVE-2023-40351 Vulnerability in maven package org.jenkins-ci.plugins:favorite-view