EPSS percentile: 45.1%
express-xss-sanitizer is vulnerable to prototype pollution. The vulnerability exists in the require function of sanitize.js because it does not properly sanitize user input, which allows an attacker to inject and execute arbitrary JavaScript.
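The description above is all this page states about the bug. As an added example (not code from express-xss-sanitizer, its author, or the linked fix commit), the JavaScript below shows the mechanism behind this class of prototype pollution and its mitigation: a recursive body sanitizer that copies every own key, including one literally named `__proto__` produced by `JSON.parse`, ends up with an input-controlled prototype chain, while the hardened variant drops `__proto__`, `constructor` and `prototype` keys and bounds recursion depth. The names `naiveSanitize`, `safeSanitize`, `escapeHtml`, `prototypeReport` and the `SAMPLE_INPUT` body are all assumptions made for this illustration.

```javascript
// Added example, not code from express-xss-sanitizer: a recursive request-body
// sanitizer that refuses prototype-polluting keys. All names here are assumed.

// Keys that must never be copied from untrusted input into a fresh object:
// assigning out['__proto__'] invokes the inherited setter and rewires the
// object's prototype chain instead of storing a data property.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const MAX_DEPTH = 32;

// Minimal HTML escaping, standing in for the XSS sanitization step.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return str.replace(/[&<>"']/g, (c) => map[c]);
}

// Naive recursive copy: copies every own key, including '__proto__'.
function naiveSanitize(value) {
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map(naiveSanitize);
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) {
      // For key === '__proto__' this hits the setter on Object.prototype,
      // so the output's prototype becomes whatever the input supplied.
      out[key] = naiveSanitize(value[key]);
    }
    return out;
  }
  return value;
}

// Hardened copy: skips forbidden keys and bounds recursion depth.
function safeSanitize(value, depth = 0) {
  if (depth > MAX_DEPTH) throw new Error('input nested too deeply');
  if (typeof value === 'string') return escapeHtml(value);
  if (Array.isArray(value)) return value.map((v) => safeSanitize(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    for (const key of Object.keys(value)) {
      if (FORBIDDEN_KEYS.has(key)) continue; // drop the key rather than copy it
      out[key] = safeSanitize(value[key], depth + 1);
    }
    return out;
  }
  return value;
}

// Report whether a sanitizer's output still has a plain prototype chain.
function prototypeReport(sanitizer, input) {
  const out = sanitizer(input);
  return {
    ownProto: Object.prototype.hasOwnProperty.call(out, '__proto__'),
    plainPrototype: Object.getPrototypeOf(out) === Object.prototype,
    inherited: out.polluted, // defined only if the input rewired the prototype chain
    name: out.name,
  };
}

// Constructed sample body (not from the advisory): JSON.parse creates an own
// data property literally named '__proto__', which Object.keys() returns.
const SAMPLE_INPUT = JSON.parse('{"__proto__": {"polluted": "yes"}, "name": "<b>x</b>"}');

if (typeof require !== 'undefined' && require.main === module) {
  console.log('naive:', prototypeReport(naiveSanitize, SAMPLE_INPUT));
  console.log('safe: ', prototypeReport(safeSanitize, SAMPLE_INPUT));
}
```

Running the file shows the naive copy reporting `plainPrototype: false` and `inherited: 'yes'`, while the hardened copy keeps `Object.prototype` and reports `inherited: undefined`. Skipping the three forbidden keys is the general mitigation for this bug class; whether the linked fix commit takes exactly this approach is not stated on this page.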
github.com/advisories/GHSA-grjp-4jmr-mjcw
github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a
github.com/AhmedAdelFahim/express-xss-sanitizer/issues/4
runkit.com/embed/w306l6zfm7tu