CVE-2022-21169

Published: Sep 26, 2022
Updated: Feb 15, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-21169" target="_blank" rel="noopener"> CVE-2022-21169
GHSA: <a href="https://github.com/advisories/GHSA-grjp-4jmr-mjcw" target="_blank" rel="noopener"> GHSA-grjp-4jmr-mjcw
Severity: Medium
Exploit:

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

CVSS v3:

CWEs:

Vulnerability Database