CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
48.3%
A type-confusion vulnerability can cause striptags
to concatenate unsanitized strings when an array-like object is passed in as the html
parameter. This can be abused by an attacker who can control the shape of their input, e.g. if query parameters are passed directly into the function.
XSS
3.2.0
Ensure that the html
parameter is a string before calling the function.
Vendor | Product | Version | CPE |
---|---|---|---|
striptags_project | striptags | * | cpe:2.3:a:striptags_project:striptags:*:*:*:*:*:node.js:*:* |
github.com/advisories/GHSA-qxg5-2qff-p49r
github.com/ericnorris/striptags/commit/f252a6b0819499cd65403707ebaf5cc925f2faca
github.com/ericnorris/striptags/releases/tag/v3.2.0
github.com/ericnorris/striptags/security/advisories/GHSA-qxg5-2qff-p49r
nvd.nist.gov/vuln/detail/CVE-2021-32696
www.npmjs.com/package/striptags
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS
Percentile
48.3%