EPSS
Percentile
31.6%
shave is vulnerable to Cross-Site Scripting. The `` element is not properly sanitized, allowing a remote attacker attacker to pass a malicious input to execute arbitrary Javascript code on the victim’s browser.
github.com/dollarshaveclub/shave/commit/9eaf141bd8f0c37063ceca345e5f923414b3c6b9#diff-437b8dc492ef88ec4cb0cc62499764d5R39
github.com/dollarshaveclub/shave/pull/146
www.npmjs.com/advisories/822