Cross-site Scripting (XSS)

express-useragent is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the lack of sanitization of the user-agent header, allowing XSS attacks to occur...

Node.js third-party modules: XSS in express-useragent through HTTP User-Agent

Hello, I would like to report an XSS in express-useragent module due a lack of validating User-Agent header. Please note I already created an Github issue and asked for CVE CVE-2018-9863. I did not know about Node.js third-party modules on hackerone. Description express-useragent is simple...