Severity by source
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AC:H reflects the mandatory non-default configuration prerequisite (permitting a URI-bearing attribute) that is entirely outside the attacker's control.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
ApostropheCMS is an open-source Node.js content management system, and sanitize-html provides a simple HTML sanitizer with a clear API. Versions of sanitize-html prior to 2.17.5 use allowedSchemesAppliedToAttributes (default: ['href', 'src', 'cite']) to gate the naughtyHref() function that blocks dangerous URI schemes like javascript: and vbscript:. The HTML specification defines 10+ attributes that accept URIs (action, formaction, data, poster, background, ping, xlink:href, dynsrc, lowsrc), but none of these are included in the default gate list. When a developer allows any of these attributes in their configuration, javascript: URIs pass through completely unmodified, enabling XSS. Version 2.17.5 patches the issue.
AnalysisAI
Cross-site scripting in sanitize-html prior to 2.17.5 allows low-privileged attackers to inject executable javascript: URIs through HTML attributes that the library's scheme-blocking logic never inspects. The naughtyHref() function gates dangerous URI schemes only for attributes listed in allowedSchemesAppliedToAttributes (defaulting to href, src, and cite), leaving attributes such as action, formaction, data, poster, background, ping, xlink:href, dynsrc, and lowsrc entirely unchecked. Applications that explicitly permit any of these attributes in their sanitize-html configuration are vulnerable; no public exploit code has been identified at time of analysis, and this CVE is not currently listed in CISA KEV.
Technical ContextAI
sanitize-html is a widely used Node.js library (CPE: cpe:2.3:a:apostrophecms:sanitize-html) that strips or transforms HTML to a developer-defined allowlist. Its URI safety check, naughtyHref(), inspects attribute values for dangerous schemes (javascript:, vbscript:, etc.) only when the attribute name appears in the allowedSchemesAppliedToAttributes configuration array. The default value of this array covers only href, src, and cite, yet the HTML specification defines over ten additional attributes that can carry URI values - including action and formaction on forms, data on <object>, poster on <video>/<audio>, and SVG-related xlink:href. Because none of these are in the default gate list, any application that extends its sanitize-html allowedAttributes configuration to permit them inadvertently disables scheme validation for those attributes entirely. This is a CWE-79 (Improper Neutralization of Input During Web Page Generation) root cause: user-controlled URI data reaches browser execution context without sanitization.
RemediationAI
Upgrade sanitize-html to version 2.17.5 or later, which is the vendor-confirmed patched release per GHSA-vccv-cmxp-4j9h (https://github.com/apostrophecms/apostrophe/security/advisories/GHSA-vccv-cmxp-4j9h). Run npm update sanitize-html or pin "sanitize-html": ">=2.17.5" in your package.json. If an immediate upgrade is not feasible, audit your sanitize-html allowedAttributes and allowedAttributesGlob configuration and remove any entries for action, formaction, data, poster, background, ping, xlink:href, dynsrc, and lowsrc; this eliminates the attack surface at the cost of potentially breaking form-submission HTML, media embeds, or SVG content your application currently renders. Alternatively, explicitly add all affected attributes to your allowedSchemesAppliedToAttributes array to force scheme checking - this is a viable short-term workaround but requires careful validation that your custom list is exhaustive as new URI-bearing attributes are introduced.
FortiOS and FortiProxy contain an authentication bypass via the Node.js websocket module allowing unauthenticated remote
Eval injection vulnerability in the internals.batch function in lib/batch.js in the bassmaster plugin before 1.5.2 for t
Flowise version 3.0.5 contains a remote code execution vulnerability in the CustomMCP node. The mcpServerConfig paramete
Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended files, because a change to ".." handling was inc
An issue was discovered in the node-serialize package 0.0.4 for Node.js. Rated critical severity (CVSS 9.8), this vulner
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary fi
Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwin
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, whic
Directory traversal vulnerability in lib/app/index.js in Geddy before 13.0.8 for Node.js allows remote attackers to read
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
Eval injection vulnerability in index.js in the syntax-error package before 1.1.1 for Node.js 0.10.x, as used in IBM Rat
The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before 0.8.26 allows remote attackers to cause a denial of se
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-36574