Versions of the package express-xss-sanitizer prior to 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing a malicious user to bypass XSS sanitization.
Vulnerable Product |
---|
express xss sanitizer project express xss sanitizer |