PT-2026-6321 · Unknown · Sanitize-Html

Nsysean · Published 2026-02-03 · Updated 2026-02-24 · CVE-2026-25543

CVSS v4.0: 6.3 (Medium)

Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Name of the Vulnerable Software and Affected Versions

HtmlSanitizer versions prior to 9.0.892
HtmlSanitizer versions prior to 9.1.893-beta

Description

HtmlSanitizer is a .NET library designed to prevent cross-site scripting (XSS) attacks by cleaning HTML fragments and documents. Before versions 9.0.892 and 9.1.893-beta, the library did not sanitize the contents of the template tag when it was permitted. The template tag typically does not render its contents unless the shadowrootmode attribute is set to 'open' or 'closed'.

Recommendations

Update to HtmlSanitizer version 9.0.892 or later.
Update to HtmlSanitizer version 9.1.893-beta or later.

Exploit

Fix

Improper Encoding or Escaping of Output

XSS

Weakness Enumeration

Related Identifiers

CVE-2026-25543
GHSA-J92C-7V7G-GJ3F

Affected Products

Sanitize-Html