Synk issues for Cross-site Scripting (XSS)-ezyang/htmlpurifier

Hi Team,
Could you please advise on how to fix the following issues? While running a **vulnerability test using Snyk**, I found multiple problems in the ezyang/htmlpurifier package. Specifically, unsanitized input from an HTTP header flows into the echo statement in maintenance/flush.php at lines 16, 24, 25, 26, 27, and 28, which may lead to a Cross-Site Scripting (XSS) attack. 

Additionally, in **maintenance/rename-config.php** at line 46, unsanitized input from an HTTP header flow into eval, where it is executed as PHP code, potentially resulting in a Code Injection vulnerability.

A similar XSS issue is present in **vendor/ezyang/htmlpurifier/maintenance/rename-config.php** at multiple lines, including 19, 29, and 39.

**I'm currently using ezyang/htmlpurifier version v4.10.0**

Could you please help me resolve this? 
https://github.com/ezyang/htmlpurifier/blob/master/maintenance/rename-config.php

![Image](https://github.com/user-attachments/assets/4258f9e2-a29a-49f8-a198-d4a180b1e028)

![Image](https://github.com/user-attachments/assets/a1bd1ad3-7d16-4320-950b-1e450284cd38)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Synk issues for Cross-site Scripting (XSS)-ezyang/htmlpurifier #450

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Synk issues for Cross-site Scripting (XSS)-ezyang/htmlpurifier #450

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions