XSS in Jitbit Htmlsanitizer
CVE-2025-29771
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by…
Vulnerability class: XSS (Cross-Site Scripting)
EPSS: 0.004 (29.1th percentile)
Affected products
- Jitbit Htmlsanitizer — versions < 2.0.3
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM)
- security-advisories@github.com (x_refsource_MISC)