EPSS: 0.001 (Low), Percentile: 46.8%
sockjs is vulnerable to cross-site scripting (XSS). The vulnerability exists because it does not sanitize the callback parameter in lib/transport/htmlfile.js for non-alphanumeric symbols, allowing an attacker to inject malicious scripts.
lib/transport/htmlfile.js
github.com/sockjs/sockjs-node/commit/8f64d46c02d96b46357827216143c43b236edd36#diff-aaaa2c29c946741300388d221116f74bR48
github.com/theyiyibest/Reflected-XSS-on-SockJS
github.com/theyiyibest/Reflected-XSS-on-SockJS/issues/1
www.sockjs.org