Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2022-21169

Disclosure Date: September 26, 2022 (last updated February 24, 2025)
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0