The validator module prior to 1.1.0 for Node.js allows remote malicious users to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
nodejs node.js