Pfitzseb

#39531 of 53,622
6.9 Total CVSS
Vulnerabilities · 1
PT-2025-26646
6.9
2025-06-23
Unknown · HTMLSanitizer.jl · CVE-2025-52561
Name of the Vulnerable Software and Affected Versions: HTMLSanitizer.jl versions prior to 0.2.1

Description: The issue is related to improper HTML sanitization in HTMLSanitizer.jl, a whitelist-based HTML sanitizer. When the style tag is added to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML. This enables tag injection and JavaScript execution, potentially resulting in cross-site scripting (XSS) in any HTML sanitized with this library.

Recommendations: For versions prior to 0.2.1, update to version 0.2.1 to resolve the issue. As a temporary workaround, consider adding the math and svg elements to the whitelist manually.