EPSS
Percentile
48.0%
ansi_up is vulnerable to cross-site scripting (XSS). The vulnerability exists as the existing sanitization methiod escape_txt_for_html is insufficient to prevent " and ' characters used in payloads.
escape_txt_for_html
"
'
doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf
github.com/advisories/GHSA-2v5f-23xc-v9qr
github.com/drudru/ansi_up/commit/c8c726ed1db979bae4f257b7fa41775155ba2e27