GHSA-3843-RR4G-M8JQ Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Description A vulnerability has been identified in express-xss-sanitizer , , , etc. and attributes e.g., href on . This behavior violates the expected API contract and may lead to security issues such as content injection or XSS, depending on how the sanitized output is used. Impact Developers...

Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)

Description A vulnerability has been identified in express-xss-sanitizer , , , etc. and attributes e.g., href on . This behavior violates the expected API contract and may lead to security issues such as content injection or XSS, depending on how the sanitized output is used. Impact Developers...

PT-2026-28581

Name of the Vulnerable Software and Affected Versions Express XSS Sanitizer versions prior to 2.0.2 Express XSS Sanitizer versions 4.x and 5.x Description Express XSS Sanitizer, middleware for Express 4.x and 5.x, sanitizes user input data in req.body, req.query, req.headers, and req.params to...