CVE-2017-0928

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed.

All versions of `html-janitor` are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function." ## Recommendation Upgrade to version 2.0.4 or later.

All versions of `html-janitor` are vulnerable to cross-site scripting (XSS). Arbitrary HTML can pass the sanitization process, which can be unexpected and dangerous (XSS) in case user-controlled input is passed to the clean function." ## Recommendation Upgrade to version 2.0.4 or later.

El módulo de node html-janitor sufre de una vulnerabilidad de control externo de datos de estado críticos mediante el control de usuario de la variable "_sanitized", lo que provoca que se omita el saneamiento.