CVE-2022-48345

Published: Feb 24, 2023
Updated: May 9, 2024
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2022-48345" target="_blank" rel="noopener"> CVE-2022-48345
GHSA: <a href="https://github.com/advisories/GHSA-q8gg-vj6m-hgmj" target="_blank" rel="noopener"> GHSA-q8gg-vj6m-hgmj
Severity: Medium
Exploit:

sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
paypal / braintree/sanitize-url	-	6.0.2
@braintree / sanitize-url	-	6.0.1

Vulnerability Database