Cross-site Scripting (XSS)

scrape-metadata is vulnerable to cross-site scripting XSS attacks. The library scrapes metadata without sanitization, allowing a malicious user to inject and execute arbitrary Javascript through tags on an attacker controller website...

Node.js third-party modules: stored xss in scrape-metadata when reading metadata from an html page

Hy Module scrape-metadata https://www.npmjs.com/package/scrape-metadata Module Description a module used to scrape meta data contents from an article Vulnerability Description It was possible to embed malicious js code in metadata content read by scrape-metadata. When library reads such metadata,...