1 results (0.002 seconds)
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-3377 – nodejs-ansi_up: XSS due to insufficient URL sanitization
https://notcve.org/view.php?id=CVE-2021-3377
05 Mar 2021 — The npm package ansi_up converts ANSI escape codes into HTML. In ansi_up v4, ANSI escape codes can be used to create HTML hyperlinks. Due to insufficient URL sanitization, this feature is affected by a cross-site scripting (XSS) vulnerability. This issue is fixed in v5.0.0. El paquete npm ansi_up convierte los códigos de escape ANSI en HTML. • https://doyensec.com/resources/Doyensec_Advisory_ansi_up4_XSS.pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •