CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Express Xss Sanitizer Project: >> Express Xss Sanitizer >> 1.0.1 Security Vulnerabilities

CVE-2022-21169

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

CVSS Score

7.3

EPSS Score

0.001

Published

2022-09-26

Page 1

Vulnerabilities

Vulnerable Software

Express Xss Sanitizer Project: >> Express Xss Sanitizer >> 1.0.1 Security Vulnerabilities

Products

Pricing

Contact Us