CVE-2024-21501




Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.



We have discovered 24 live websites that are affected by CVE-2024-21501.





Affected Software

Product  sanitize-html
Category JavaScript Libraries
Vulnerable Versions
  • from 0 before 2.12.1
Total Vulnerable Versions  11
Vulnerable Domains  24 live websites (100.00% of sanitize-html install base)



Details

  • Published - Feb 24, 2024
  • Updated - Feb 24, 2024

Credits

  • Vsevolod Kokorin (Slonser) of Solidlab




Countries

United States  14 websites
Australia  2 websites
Norway  2 websites
Canada  1 website
Cocos (Keeling) Islands  1 website
Germany  1 website
France  1 website
Portugal  1 website
Russia  1 website

TLDs

.com  14 websites
.org  3 websites
.ca  1 website
.com.au  1 website
.de  1 website
.ru  1 website

