All 4 CVE vulnerabilities found in sanitize-html, with AI-generated Chinese analysis, references, and POCs.
Vendor: n/a
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-53606 | sanitize-html has an incomplete URI scheme validation that allows javascript: URIs through action, formaction, data, poster, and background attributes CWE-79 | 5.4 | Medium | 2026-06-12 |
| CVE-2026-44990 | Apostrophe has default XSS via `xmp` raw-text passthrough in `sanitize-html` CWE-79 | 9.3 | Critical | 2026-06-12 |
| CVE-2024-21501 | Apostrophe sanitize-html 安全漏洞 CWE-200 | 5.3 | Medium | 2024-02-24 |
| CVE-2022-25887 | Regular Expression Denial of Service (ReDoS) | 5.3 | Medium | 2022-08-30 |
All 4 known CVE vulnerabilities affecting sanitize-html with full Chinese analysis, references, and POCs where available.