CVE-2022-21169

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/09/2022
Last modified:
21/05/2025

Description

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:express_xss_sanitizer_project:express_xss_sanitizer:*:*:*:*:*:node.js:*:* 1.1.3 (excluding)