CVE-2025-29771

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-29771
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-29771.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-29771
Aliases
Published
2025-03-14T19:15:48Z
Modified
2025-03-17T05:50:19.447114Z
Summary
[none]
Details

HtmlSanitizer is a client-side HTML sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a contentEditable element to set the element's innerHTML to a sanitized string produced by the package. The issue arises when the code is specially crafted to abuse the code beautifier, which runs AFTER sanitization. The issue is patched in version 2.0.3.

References

Affected packages

Git / github.com/jitbit/htmlsanitizer

Affected ranges

Type
GIT
Repo
https://github.com/jitbit/htmlsanitizer
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

1.*

1.0.0
1.0.1

2.*

2.0.0
2.0.1
2.0.2