cvedb.io
CVE-2026-25543
MEDIUM · CVSS 6.1
EPSS exploitation probability: 0%
Published 2026-02-04T22:16:00.523 · Last modified 2026-06-17T10:24:49.647

Summary

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. This issue has been patched in versions 9.0.892 and 9.1.893-beta.

Affected products

htmlsanitizer_project — htmlsanitizer

Does this affect you?

Add your gear to cvedb and we'll alert you only when htmlsanitizer_project ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.