PT-2021-3417 · Striptags · Striptags

Erik-Krogh · Published 2021-06-18 · Updated 2021-06-24 · CVE-2021-32696

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

striptags versions prior to 3.2.0

Description

A type-confusion issue can cause striptags to concatenate unsanitized strings when an array-like object is passed in as the html parameter. This can be exploited by an attacker who can control the input shape, for example, if query parameters are directly passed into the function, leading to cross-site scripting (XSS) attacks.

Recommendations

For versions prior to 3.2.0, update to version 3.2.0 to resolve the issue. As a temporary workaround, ensure that the html parameter is a string before calling the function.
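
The temporary workaround, as an added example (not code from the advisory or from striptags): a type guard that rejects any non-string `html` value before the sanitizer is called. `parseQuery` is a constructed stand-in for a framework query parser, `handleRequest` is a hypothetical handler, and `sanitize` is whichever sanitizer is being guarded, injected so the block runs without the package installed.

```javascript
// Constructed stand-in for a framework query parser: a repeated key
// yields an array instead of a string, so the client controls the type.
function parseQuery(qs) {
  const out = Object.create(null);
  for (const [key, value] of new URLSearchParams(qs)) {
    out[key] = key in out ? [].concat(out[key], value) : value;
  }
  return out;
}

// The advisory's workaround: accept only primitive strings. Arrays,
// array-like objects, String objects, null and undefined are rejected
// rather than coerced, so nothing non-string reaches the sanitizer.
function requireString(value, name) {
  if (typeof value !== 'string') {
    const got = Array.isArray(value) ? 'array'
      : value === null ? 'null' : typeof value;
    throw new TypeError(`${name} must be a string, got ${got}`);
  }
  return value;
}

// Hypothetical request handler. `sanitize` is the sanitizer being
// guarded (striptags in the advisory's case), passed in by the caller.
function handleRequest(queryString, sanitize) {
  const query = parseQuery(queryString);
  let html;
  try {
    html = requireString(query.html, 'html');
  } catch (err) {
    // Wrong input shape: fail closed and never call the sanitizer.
    return { status: 400, body: err.message };
  }
  return { status: 200, body: sanitize(html) };
}
```

Rejecting the request is deliberate: coercing an array with `String(value)` would hide the malformed input instead of surfacing it.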

Fix

Type Confusion

XSS

Weakness Enumeration

Related Identifiers

BDU:2021-03269
CVE-2021-32696
GHSA-QXG5-2QFF-P49R

Affected Products

Striptags