CVE-2025-52561

Sažetak

HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could result in possible cross-site scripting (XSS) in any HTML that is sanitized with this library. This issue has been patched in version 0.2.1. A workaround involves adding the math and svg elements to the whitelist manually.

Reference

https://github.com/JuliaComputing/HTMLSanitizer.jl/commit/0c3dc359e4a64c39cac609541945c0518feef040
https://github.com/JuliaComputing/HTMLSanitizer.jl/pull/5
https://github.com/JuliaComputing/HTMLSanitizer.jl/security/advisories/GHSA-3mj7-qxh9-6q4p

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

23-06-2025 - 21:15

Objavljeno

23-06-2025 - 21:15