PT-2018-6047 · Sanitize Html · Sanitize-Html

Published

2018-06-04

·

Updated

2019-10-09

·

CVE-2017-16017

CVSS v3.1

6.1

Medium

Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: sanitize-html versions 1.2.2 and below
Description: Cross-site scripting (XSS) in the sanitize-html library, which is used to scrub untrusted HTML input of malicious content. Affected versions mishandle certain HTML inputs: in the example given for this issue, an <IMG> tag carrying an onmouseover attribute is not stripped, so the event handler's JavaScript runs in the browser of anyone who views the "sanitized" output. The number of affected deployments is not given.
Recommendations: For versions 1.2.2 and below, update to version 1.2.3 or later. As a temporary workaround, restrict use of the library and do not rely on it as the only barrier between untrusted HTML and the browser until the update can be applied.

Exploit

Fix

XSS


Weakness Enumeration

Related identifiers

CVE-2017-16017
GHSA-WG96-3933-J2W5

Affected products

Sanitize-Html