@braintree/sanitize-url is vulnerable to Cross-site Scripting (XSS). The decodeHtmlCharacters function in index.ts does not fully decode HTML-encoded colons before the URL scheme is matched against urlSchemeRegex, so a URL whose scheme separator is written as an HTML entity (for example `&colon;` instead of `:`) is not recognised as a javascript: URL and is returned unchanged. When the "sanitized" value is later serialized into an HTML attribute, the browser decodes the entity, restoring the javascript: scheme and executing attacker-controlled script. An attacker exploits this simply by supplying such a crafted URL to any application that relies on sanitizeUrl to neutralise links.

Versions up to and including 6.0.0 are affected (see the version table below); upgrade to a later release. Where an upgrade is not immediately possible, treat the library's output as untrusted: fully entity-decode it and reject any value whose decoded form still starts with a javascript: scheme before placing it in markup.
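The following is an added example, not code from @braintree/sanitize-url, showing the class of bug the advisory describes: a scheme check that runs before every HTML entity form has been decoded. The weak sanitizer, the hardened one, the browserHrefView helper and the sample payloads are all my own constructions, simplified to make the mechanism visible; they do not reproduce the library's exact logic.

```javascript
// Added example (not the library's code): a URL sanitizer that checks the
// scheme before all entity forms are decoded, beside a hardened version.

// Named character references a browser resolves inside an attribute value.
// Only the ones relevant to scheme smuggling are listed here.
const NAMED_ENTITIES = { colon: ":", Tab: "\t", NewLine: "\n" };

// Decode the character references the HTML parser would resolve in an
// attribute: decimal (&#58;), hex (&#x3a;) and the named forms above.
// The semicolon is optional for numeric references (browsers still decode
// "&#58") but required for named ones, matching browser behaviour so that a
// query string such as "?a=b&colon=1" is not mangled.
function decodeHtmlEntities(str) {
  return str.replace(/&#(x[0-9a-f]+|[0-9]+);?|&([a-z]+);/gi, (match, num, name) => {
    if (num !== undefined) {
      const isHex = num[0] === "x" || num[0] === "X";
      const code = parseInt(isHex ? num.slice(1) : num, isHex ? 16 : 10);
      return code > 0x10ffff ? match : String.fromCodePoint(code);
    }
    return Object.prototype.hasOwnProperty.call(NAMED_ENTITIES, name)
      ? NAMED_ENTITIES[name]
      : match;
  });
}

// Script-capable schemes, allowing leading junk and whitespace before ':'.
const DANGEROUS_SCHEME = /^[^\w]*(javascript|data|vbscript)\s*:/i;
// C0/C1 control characters that browsers strip from URLs ("java\u0000script:").
const CTRL_CHARS = /[\u0000-\u001f\u007f-\u009f]/g;

// Weak (hypothetical): decodes only decimal numeric references, so a URL
// written as "javascript&colon;alert(1)" contains no ':' at check time and
// is handed back to the caller unchanged.
function weakSanitizeUrl(url) {
  const decoded = url.replace(/&#(\d+);?/g, (_, dec) => String.fromCharCode(Number(dec)));
  const cleaned = decoded.replace(CTRL_CHARS, "").trim();
  return DANGEROUS_SCHEME.test(cleaned) ? "about:blank" : cleaned;
}

// Hardened: decode every entity form first, strip control characters, then
// check the scheme on the decoded string and return that decoded string, so
// no entity survives to be re-interpreted by the browser later.
function hardenedSanitizeUrl(url) {
  const decoded = decodeHtmlEntities(url || "").replace(CTRL_CHARS, "").trim();
  if (!decoded) return "about:blank";
  return DANGEROUS_SCHEME.test(decoded) ? "about:blank" : decoded;
}

// What the browser ends up with once the value is serialized into an href
// attribute and parsed again (attribute values are entity-decoded).
function browserHrefView(attributeValue) {
  return decodeHtmlEntities(attributeValue);
}

// Constructed sample inputs, run through both sanitizers.
const SAMPLE_URLS = [
  "javascript&colon;alert(1)",        // named-entity colon
  "javascript&#x3a;alert(1)",         // hex numeric colon
  "javascript&#58;alert(1)",          // decimal numeric colon
  "  Java\u0000Script:alert(1)",      // control char + mixed case
  "https://example.com/?q=a&#58;b",   // benign URL with an entity
  "../relative/path",
];

function demo() {
  return SAMPLE_URLS.map((url) => ({
    input: url,
    weak: weakSanitizeUrl(url),
    weakAsSeenByBrowser: browserHrefView(weakSanitizeUrl(url)),
    hardened: hardenedSanitizeUrl(url),
  }));
}

console.log(JSON.stringify(demo(), null, 2));
```

Two points the table of results makes: the bypass only matters when the sanitized string is placed into markup that the HTML parser re-reads (innerHTML, server-side templating), since assigning via `element.href = value` performs no entity decoding; and a sanitizer that returns a decoded URL still leaves the caller responsible for attribute-encoding it when building HTML.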
| CPE | Name | Operator | Version |
|---|---|---|---|
| | @braintree/sanitize-url | le | 6.0.0 |