Security Advisory

CVE-2022-21169

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-09-26 05:05:11

Last updated 2025-05-21 20:29:25

Assigner snyk

State PUBLISHED

Description

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

← Browse all CVEs View on cve.org ↗