CVSS: 7.3 • EPSS: 0% • CPEs: 1 • EXPL: 2

The package express-xss-sanitizer before 1.1.3 is vulnerable to Prototype Pollution via the allowedTags attribute, allowing an attacker to bypass XSS sanitization.

• https://github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a
• https://github.com/AhmedAdelFahim/express-xss-sanitizer/issues/4
• https://runkit.com/embed/w306l6zfm7tu
• https://security.snyk.io/vuln/SNYK-JS-EXPRESSXSSSANITIZER-3027443

• CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')