parse-url is an advanced url parser that supports git url. parse-url versions prior to 7.0.0 are vulnerable to a cross-site scripting vulnerability that stems from the ability to run malicious JS code using ASCII characters starting with and all special escaped characters starting with Unicode, which can be exploited to place any malicious JS code on a web page .
CPE | Name | Operator | Version |
---|---|---|---|
parse-url parse-url | lt | 7.0.0 |