PT-2026-6321 · Unknown · Sanitize-Html
Nsysean · Published 2026-02-03 · Updated 2026-02-24
CVE-2026-25543
CVSS v4.0: 6.3 (Medium)
Vector: AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions
HtmlSanitizer versions prior to 9.0.892
HtmlSanitizer versions prior to 9.1.893-beta
Description
HtmlSanitizer is a .NET library designed to prevent cross-site scripting (XSS) attacks by cleaning HTML fragments and documents. Before versions 9.0.892 and 9.1.893-beta, the library did not sanitize the contents of the template tag when it was permitted. The template tag typically does not render its contents unless the shadowrootmode attribute is set to 'open' or 'closed'.
Recommendations
Update to HtmlSanitizer version 9.0.892 or later.
Update to HtmlSanitizer version 9.1.893-beta or later.
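A defender-side check for HTML that was stored before the upgrade, as an added example that is not part of the advisory or of HtmlSanitizer: it lists every element nested inside a template tag whose shadowrootmode is 'open' or 'closed', the case the description says is rendered, so that content can be re-sanitized. The function name, class name and sample markup are constructed for illustration.

```python
from html.parser import HTMLParser

# Attribute values that, per the description, make a <template> render its contents.
RENDERING_MODES = {"open", "closed"}


class ShadowTemplateFinder(HTMLParser):
    """Collects elements nested inside <template shadowrootmode="open|closed">."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.depth = 0      # how many rendering templates we are currently inside
        self.stack = []     # one bool per open <template>: True if it renders
        self.findings = []  # (line, tag, sorted attribute names)

    def handle_starttag(self, tag, attrs):
        if self.depth:
            line, _ = self.getpos()
            self.findings.append((line, tag, sorted(name for name, _ in attrs)))
        if tag == "template":
            mode = (dict(attrs).get("shadowrootmode") or "").strip().lower()
            renders = mode in RENDERING_MODES
            self.stack.append(renders)
            self.depth += renders

    def handle_endtag(self, tag):
        if tag == "template" and self.stack:
            self.depth -= self.stack.pop()


def find_rendered_template_content(html):
    """Return the elements that sit inside a rendering <template>."""
    finder = ShadowTemplateFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample of stored user content (not taken from the advisory).
SAMPLE = """<p>hello</p>
<template><b>inert</b></template>
<template shadowrootmode="open">
  <a href="https://example.test/" data-x="1">link</a>
  <span>text</span>
</template>
<div>after</div>"""

if __name__ == "__main__":
    for line, tag, attr_names in find_rendered_template_content(SAMPLE):
        print(f"line {line}: <{tag}> attributes={attr_names}")
```

Any finding is a candidate for re-sanitizing with a fixed HtmlSanitizer version; an empty result means the document contains no rendering template content.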
Exploit
Fix
Improper Encoding or Escaping of Output
XSS
Related Identifiers
Affected Products
Sanitize-Html