CVSS: 7.3 | EPSS: 0% | CPEs: 1 | EXPL: 2

CVE-2022-21169 – Prototype Pollution
https://notcve.org/view.php?id=CVE-2022-21169
26 Sep 2022 — The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing an attacker to bypass XSS sanitization.
• https://github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a
• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')