Improper Neutralization of Input During Web Page Generation in html5lib
Moderate severity
GitHub Reviewed
Published
May 17, 2022
to the GitHub Advisory Database
•
Updated Aug 31, 2023
Description
Published by the National Vulnerability Database
Feb 22, 2017
Published to the GitHub Advisory Database
May 17, 2022
Reviewed
Jul 6, 2022
Last updated
Aug 31, 2023
The serializer in html5lib before 0.99999999 might allow remote attackers to conduct cross-site scripting (XSS) attacks by leveraging mishandling of the < (less than) character in attribute values.
References