Description

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. Prior to versions 9.0.892 and 9.1.893-beta, if the template tag is allowed, its contents are not sanitized. The template tag is a special tag that does not usually render its contents, unless the shadowrootmode attribute is set to open or closed. This issue has been patched in versions 9.0.892 and 9.1.893-beta.

INFO

Published Date :

2026-02-04T21:45:25.665Z

Last Modified :

2026-02-05T18:24:09.842Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2026-25543 vulnerability.

Vendors Products
Htmlsanitizer Project
  • Htmlsanitizer
Mganss
  • Htmlsanitizer
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2026-25543.

URL Resource
https://github.com/mganss/HtmlSanitizer/commit/0ac53dca30ddad963f2b243669a5066933d82b81 cve-icon cve-icon
https://github.com/mganss/HtmlSanitizer/security/advisories/GHSA-j92c-7v7g-gj3f cve-icon cve-icon
https://www.nuget.org/packages/HtmlSanitizer/9.0.892 cve-icon cve-icon
https://www.nuget.org/packages/HtmlSanitizer/9.1.893-beta cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact