Lucene search
K

30 matches found

NVD
NVD
added 2026/03/27 10:16 p.m.4 views

CVE-2026-33979

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2CVSS0.00382EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/03/27 9:29 p.m.23 views

CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2CVSS0.00382EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/27 9:29 p.m.8 views

CVE-2026-33979 Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2CVSS5.7AI score0.00382EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 9:29 p.m.2 views

CVE-2026-33979

Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

8.2CVSS5.7AI score0.00382EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/27 5:56 p.m.4 views

GHSA-3843-RR4G-M8JQ Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Description A vulnerability has been identified in express-xss-sanitizer , , , etc. and attributes e.g., href on . This behavior violates the expected API contract and may lead to security issues such as content injection or XSS, depending on how the sanitized output is used. Impact Developers...

8.2CVSS5.8AI score0.00382EPSS
Exploits1References5
vulnersOsv
vulnersOsv
added 2026/03/27 5:56 p.m.7 views

@omchat/common (>=1.0.0 <=1.0.4), @tverse/ui (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2026-33979 via express-xss-sanitizer (=1.2.1)

express-xss-sanitizer NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on express-xss-sanitizer and may be impacted: - @omchat/common =1.0.0, =0.1.0, =1.0.0, =1.14.31, =1.15.2 Source cves: CVE-2026-33979 Source advisory:...

8.2CVSS5.8AI score0.00382EPSS
Exploits1
Snyk
Snyk
added 2026/03/27 5:56 p.m.3 views

Permissive List of Allowed Inputs

Overview express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. Affected versions of this package are vulnerable to Permissive List of Allowed Inputs through the...

8.8CVSS5.9AI score0.00382EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/03/27 5:56 p.m.10 views

Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Description A vulnerability has been identified in express-xss-sanitizer , , , etc. and attributes e.g., href on . This behavior violates the expected API contract and may lead to security issues such as content injection or XSS, depending on how the sanitized output is used. Impact Developers...

8.2CVSS5.8AI score0.00382EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.9 views

PT-2026-28581

Name of the Vulnerable Software and Affected Versions Express XSS Sanitizer versions prior to 2.0.2 Express XSS Sanitizer versions 4.x and 5.x Description Express XSS Sanitizer, middleware for Express 4.x and 5.x, sanitizes user input data in req.body, req.query, req.headers, and req.params to...

8.2CVSS5.8AI score0.00382EPSS
Exploits1References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2022-6830

Malicious code in bioql PyPI...

7.3CVSS6.8AI score0.00739EPSS
Exploits1References6
vulnersOsv
vulnersOsv
added 2025/09/26 2:38 p.m.6 views

@omchat/common (>=1.0.0 <=1.0.4), @tverse/ui (>=0.1.0 <=0.1.1) +2 more potentially affected by CVE-2025-59364 via express-xss-sanitizer (=1.2.1)

express-xss-sanitizer NPM version =1.2.1 is affected by a known vulnerability. The following packages have a transitive dependency on express-xss-sanitizer and may be impacted: - @omchat/common =1.0.0, =0.1.0, =1.0.0, =1.14.31, =1.15.2 Source cves: CVE-2025-59364 Source advisory:...

5.3CVSS5.8AI score0.00419EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2025/09/26 2:38 p.m.8 views

express-xss-sanitizer has an unbounded recursion depth

Security Advisory: express-xss-sanitizer Overview A vulnerability was discovered in express-xss-sanitizer that allowed unbounded recursion depth during sanitization of nested objects. Affected Versions - All versions prior to 2.0.1 Patched Versions - 2.0.1 and later Description The sanitize...

5.3CVSS7.2AI score0.00419EPSS
Exploits0References10Affected Software1
RedhatCVE
RedhatCVE
added 2025/09/16 12:12 a.m.16 views

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

5.3CVSS6.3AI score0.00419EPSS
Exploits0References1
OSV
OSV
added 2025/09/15 12:30 a.m.4 views

GHSA-QHWP-454G-2GV4 Duplicate Advisory: express-xss-sanitizer has an unbounded recursion depth

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-hvq2-wf92-j4f3. This link is maintained to preserve external references. Original Descripton The express-xss-sanitizer package for Node.js has an unbounded recursion in the sanitize function lib/sanitize.js when...

6.9CVSS6.7AI score0.00419EPSS
Exploits0References6
NVD
NVD
added 2025/09/14 11:15 p.m.4 views

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

5.3CVSS0.00419EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2025/09/14 10:42 p.m.6 views

@aadharsh/orion-alpine-x934x (>=1.0.0 <=1.0.6), @idvidrine/create-express-app (>=1.0.0 <=1.1.5) +5 more potentially affected by CVE-2025-59364 via express-xss-sanitizer (>=1.2.1 <=2.0.2)

express-xss-sanitizer NPM version =1.2.1, =1.0.0, =1.0.0, =2.0.0, =1.0.0, =0.1.0, =1.0.0, =1.14.31, =1.15.2 Source cves: CVE-2025-59364 Source advisory: SNYK:JS-EXPRESSXSSSANITIZER-12670886...

5.3CVSS5.7AI score0.00419EPSS
Exploits0
Snyk
Snyk
added 2025/09/14 10:42 p.m.4 views

Uncontrolled Recursion

Overview express-xss-sanitizer is an Express 4.x middleware which sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross Site Scripting XSS attack. Affected versions of this package are vulnerable to Uncontrolled Recursion via the sanitize function in...

6.9CVSS6AI score0.00419EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/09/14 12:0 a.m.8 views

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

5.3CVSS0.00419EPSS
Exploits0References3
CVE
CVE
added 2025/09/14 12:0 a.m.20 views

CVE-2025-59364

The CVE concerns the express-xss-sanitizer package for Node.js, where the sanitize function in lib/sanitize.js can recurse without depth limit when handling JSON request bodies, potentially enabling denial of service through stack exhaustion. Affected versions include up to 2.0.0; advisories indi...

5.3CVSS6AI score0.00419EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/14 12:0 a.m.3 views

CVE-2025-59364

The express-xss-sanitizer aka Express XSS Sanitizer package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body...

5.3CVSS6AI score0.00419EPSS
Exploits0References3
Rows per page
Query Builder