
4 matches found

RedhatCVE
added 2026/03/29 11:3 p.m., 1 view

CVE-2026-33979

Express XSS Sanitizer is Express 4.x and 5.x middleware that sanitizes user input data in req.body, req.query, req.headers and req.params to prevent Cross-Site Scripting (XSS) attacks. A vulnerability has been identified in versions prior to 2.0.2 where restrictive sanitization configurations are...

CVSS 8.2, AI score 5.7, EPSS 0.00021
Exploits: 1, References: 1
BDU FSTEC
added 2024/04/05 12:0 a.m., 1 view

The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language allows a hacker to perform cross-site scripting attacks.

The vulnerability of the Sanitize::Config::RELAXED component in the Sanitize library for the Ruby programming language is related to the lack of measures taken to protect the structure of web pages when processing style elements. Exploiting this vulnerability allows a remote attacker to perform...

CVSS 7.5, AI score 6.5, EPSS 0.00419
Exploits: 0, References: 5, Affected Software: 2
BDU FSTEC
added 2020/10/01 12:0 a.m., 1 view

The vulnerability of the Sanitize library for the Ruby programming language stems from deficiencies in the security measures used to protect web page structures. This vulnerability allows attackers to access confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Sanitize library for the Ruby programming language is related to deficiencies in the security measures used to protect web page structures. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service...

CVSS 9.3, EPSS 0.00484
Exploits: 0, References: 6, Affected Software: 2
BDU FSTEC
added 2019/04/04 12:0 a.m., 2 views

The vulnerability of the Sanitize library for the Ruby programming language allows a hacker to circumvent the restrictions on the use of HTML attributes.

The vulnerability of the Sanitize library for the Ruby programming language is related to input validation errors. Exploiting this vulnerability could allow an attacker to circumvent the specified restrictions on the use of HTML attributes...

CVSS 7.5, AI score 7.2, EPSS 0.00263
Exploits: 0, References: 3, Affected Software: 2