216.73.216.170

CVE-2025-52561

· Published 23/06/2025 21:15 · Modified 23/06/2025 21:15

Labels: CVE-2025-52561 2025-06-23CVE-2025-52561CWE-79[email protected]

Essential information

Published
23/06/2025 21:15
Modified
23/06/2025 21:15
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could result in possible cross-site scripting (XSS) in any HTML that is sanitized with this library. This issue has been patched in version 0.2.1. A workaround involves adding the math and svg elements to the whitelist manually.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
htmlsanitizer / htmlsanitizer.jl cpe:2.3:a:htmlsanitizer:htmlsanitizer.jl:<0.2.1:*:*:*:*:*:*:*

References