OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents.
CPE | Name | Operator | Version |
---|---|---|---|
json-sanitizer | eq | 1.2.1 | |
json-sanitizer | eq | json-sanitizer-1.0 | |
json-sanitizer | eq | json-sanitizer-1.1 | |
json-sanitizer | eq | release-1.2.0 |