Lucene search
SnykCVE-2022-21169HistorySep 26, 2022 - 5:15 a.m.
CVE-2022-21169
2022-09-2605:15:10
CWE-1321
snyk
web.nvd.nist.gov
33
4
cve-2022-21169
express-xss-sanitizer
prototype pollution
allowedtags
xss
security vulnerability
nvd
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
45.1%
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
Affected configurations
Node
express_xss_sanitizer_projectexpress_xss_sanitizerRange<1.1.3node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| express_xss_sanitizer_project | express_xss_sanitizer | * | cpe:2.3:a:express_xss_sanitizer_project:express_xss_sanitizer:*:*:*:*:*:node.js:*:* |
CNA Affected
[
{
"product": "express-xss-sanitizer",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
Social References
More
Related
cnvd
cnvd
Express XSS Sanitizer prototype contamination vulnerability
2022-09-28 00:00:00
veracode
veracode
Prototype Pollution
2022-09-27 05:56:02
nvd
nvd
CVE-2022-21169
2022-09-26 05:15:10
osv
osv
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
2022-09-27 00:00:22
CVE-2022-21169
2022-09-26 05:15:10
cvelist
cvelist
CVE-2022-21169 Prototype Pollution
2022-09-26 05:05:11
prion
prion
Cross site scripting
2022-09-26 05:15:00
github
github
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
AI Score
6.1
Confidence
High
EPSS
0.001
Percentile
45.1%
Related for CVE-2022-21169