GHSA-grjp-4jmr-mjcw: express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags
attribute, allowing an attacker to bypass XSS sanitization.
Moderate severity GitHub Reviewed Published Sep 27, 2022 • Updated Sep 30, 2022
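Why a polluted prototype can change what a sanitizer allows, shown as an added example with a simplified model of option handling. This is not express-xss-sanitizer's source: the function names and the empty default allow-list are assumptions made for illustration.

```javascript
// Simplified model of option handling; NOT express-xss-sanitizer's code.
// Assumption: nothing is allowed unless the caller configures it.
const DEFAULT_ALLOWED_TAGS = [];

// Weak: a plain property read walks the prototype chain, so a value placed
// on Object.prototype is used whenever the caller did not set allowedTags.
function resolveAllowedTagsUnsafe(options = {}) {
  return options.allowedTags || DEFAULT_ALLOWED_TAGS;
}

// Hardened: honour only an own property and validate its shape.
function resolveAllowedTagsSafe(options = {}) {
  if (!Object.prototype.hasOwnProperty.call(options, 'allowedTags')) {
    return DEFAULT_ALLOWED_TAGS;
  }
  const tags = options.allowedTags;
  if (!Array.isArray(tags) || !tags.every((t) => typeof t === 'string')) {
    throw new TypeError('allowedTags must be an array of strings');
  }
  return tags.slice(); // copy so later mutation cannot widen the list
}

// Test helper: applies a constructed polluted state, then always restores it.
function withPollutedPrototype(value, fn) {
  Object.defineProperty(Object.prototype, 'allowedTags', {
    value, configurable: true, enumerable: false, writable: true,
  });
  try {
    return fn();
  } finally {
    delete Object.prototype.allowedTags;
  }
}

// Resolve the allow-list for a caller that passed no options at all.
function compare() {
  return withPollutedPrototype(['script'], () => ({
    unsafe: resolveAllowedTagsUnsafe({}),
    safe: resolveAllowedTagsSafe({}),
  }));
}

console.log(compare());
```

The same own-property check works as a regression test for any code path that reads sanitizer options from a plain object.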
Related news
CVE-2022-21169: fix XSS bypass by using prototype pollution issue. · AhmedAdelFahim/express-xss-sanitizer@3bf8aaa