EPSS
Percentile
42.8%
validator is vulnerable to cross-site scripting. A remote attacker is able to bypass the XSS filters via UI redressing to inject arbitrary Javascript into a victim’s browser to steal session tokens or perform unwanted actions on behalf of the user.
github.com/chriso/validator.js/commit/478f75cd8f56eda37f10680bfde00342a0aa7da1
www.npmjs.com/advisories/41