Lucene search
SnykCVELIST:CVE-2022-21169HistorySep 26, 2022 - 5:05 a.m.
CVE-2022-21169 Prototype Pollution
2022-09-2605:05:11
snyk
www.cve.org
2
cve-2022-21169
prototype pollution
express-xss-sanitizer
allowedtags attribute
xss sanitization
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
EPSS
0.001
Percentile
45.1%
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
CNA Affected
[
{
"product": "express-xss-sanitizer",
"vendor": "n/a",
"versions": [
{
"lessThan": "1.1.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
cnvd
cnvd
Express XSS Sanitizer prototype contamination vulnerability
2022-09-28 00:00:00
veracode
veracode
Prototype Pollution
2022-09-27 05:56:02
nvd
nvd
CVE-2022-21169
2022-09-26 05:15:10
osv
osv
express-xss-sanitizer vulnerable to Prototype Pollution via allowedTags attribute
2022-09-27 00:00:22
CVE-2022-21169
2022-09-26 05:15:10
prion
prion
Cross site scripting
2022-09-26 05:15:00
github
github
cve
cve
CVE-2022-21169
2022-09-26 05:15:10
CVSS3
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
EPSS
0.001
Percentile
45.1%
Related for CVELIST:CVE-2022-21169