CNVD (China National Vulnerability Database): CNVD-2022-88818
Published: Sep 28, 2022, 12:00 a.m.

Express XSS Sanitizer prototype pollution vulnerability

Source: China National Vulnerability Database (www.cnvd.org.cn)
Tags: xss, sanitizer, vulnerability, express, prototype pollution, version, allowedtags, bypass filtering

EPSS: 0.001 (percentile 45.1%)

Express XSS Sanitizer is a personal project by AhmedAdelFahim that sanitizes user input (in req.body, req.query, req.headers and req.params) to prevent cross-site scripting (XSS) attacks. Versions of express-xss-sanitizer prior to 1.1.3 contain a prototype pollution vulnerability: the library is susceptible to prototype pollution via the allowedTags attribute, which can be exploited to bypass its XSS filtering.
