The vulnerability lies in the sanitize-html library, specifically within the main `sanitizeHtml` function in `index.js`. The advisory and commit details point to an XSS vulnerability when using the `transformTags` option. The provided commit 712cb6895825c8bb6ede71a16b42bade42abcaf3 clearly shows the fix. The change from `result += frame.innerText;` to `result += escapeHtml(frame.innerText);` pinpoints the exact location of the vulnerability. `frame.innerText` is populated by the `text` property returned by a custom `transformTags` function. Before the patch, this text was not escaped, allowing the injection of arbitrary HTML and script content. The added test case in `test/test.js` further confirms this scenario by demonstrating how a malicious value in an attribute can be transformed into unescaped text content, leading to an XSS payload. Therefore, the `sanitizeHtml` function is the vulnerable function that would appear in a runtime profile during exploitation.

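
To make the pre- and post-fix behaviour concrete, here is an added example (not sanitize-html's own code) that models the output step described above: a `transformTags`-style callback returns a `text` property, which ends up in `frame.innerText` and is appended to the result either raw or through `escapeHtml`. The names `renderTransformedText` and `attrToText` and the sample attribute value are constructed for this illustration.

```javascript
// Minimal escapeHtml, equivalent in spirit to the helper the fix calls:
// ampersand first, then the characters that can open markup or break attributes.
const escapeHtml = (s) =>
  String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');

// Hypothetical transformTags-style callback: it copies an attribute value into
// the element's text content, the pattern the advisory's test case exercises.
function attrToText(tagName, attribs) {
  return { tagName: 'span', attribs: {}, text: attribs.title || '' };
}

// Model of the serialization step. `frame.innerText` holds the transform's `text`.
// vulnerable=true mirrors the pre-patch line  `result += frame.innerText;`
// vulnerable=false mirrors the patched line   `result += escapeHtml(frame.innerText);`
function renderTransformedText(tagName, attribs, transform, vulnerable) {
  const frame = transform(tagName, attribs);
  frame.innerText = frame.text;
  let result = `<${frame.tagName}>`;
  result += vulnerable ? frame.innerText : escapeHtml(frame.innerText);
  result += `</${frame.tagName}>`;
  return result;
}

// Constructed sample: an attribute value that carries markup. Attribute values
// are normally inert, but the transform moves it into text position.
const sampleAttribs = { title: '<img src=x onerror=alert(1)>' };
const before = renderTransformedText('a', sampleAttribs, attrToText, true);
const after = renderTransformedText('a', sampleAttribs, attrToText, false);
console.log(before); // <span><img src=x onerror=alert(1)></span>   (markup survives)
console.log(after);  // <span>&lt;img src=x onerror=alert(1)&gt;</span>   (inert text)
```

The difference between the two outputs is exactly the one-call change in the commit: the same `text` from the callback is rendered as markup before the fix and as escaped text after it.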
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| sanitize-html | npm | < 2.0.0-beta | 2.0.0-beta |