Description
html-janitor node module suffers from a Cross-Site Scripting (XSS) vulnerability via clean() accepting user-controlled values.
Remediation
References
https://github.com/guardian/html-janitor/issues/34
https://hackerone.com/reports/308155
Related Vulnerabilities
CVE-2023-40342 Vulnerability in maven package org.jenkins-ci.plugins:flaky-test-handler
CVE-2021-21165 Vulnerability in maven package org.webjars.npm:electron
CVE-2020-15168 Vulnerability in maven package org.webjars.npm:node-fetch
CVE-2019-10756 Vulnerability in npm package node-red-dashboard
CVE-2023-46499 Vulnerability in npm package @evershop/evershop