Lucene search
HistorySep 26, 2022 - 5:15 a.m.
CVE-2022-21169
cve-2022-21169
prototype pollution
allowedtags attribute
xss sanitization bypass
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
45.1%
The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.
Affected configurations
Node
express_xss_sanitizer_projectexpress_xss_sanitizerRange<1.1.3node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| express_xss_sanitizer_project | express_xss_sanitizer | * | cpe:2.3:a:express_xss_sanitizer_project:express_xss_sanitizer:*:*:*:*:*:node.js:*:* |
Related
cnvd
cnvd
Express XSS Sanitizer prototype contamination vulnerability
2022-09-28 00:00:00
osv
osv
CVE-2022-21169
2022-09-26 05:15:10
cvelist
cvelist
CVE-2022-21169 Prototype Pollution
2022-09-26 05:05:11
veracode
veracode
Prototype Pollution
2022-09-27 05:56:02
prion
prion
Cross site scripting
2022-09-26 05:15:00
github
github
cve
cve
CVE-2022-21169
2022-09-26 05:15:10
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
45.1%
Related for NVD:CVE-2022-21169