Vulnerabilities > CVE-2022-21169 - Unspecified vulnerability in Express XSS Sanitizer Project Express XSS Sanitizer

047910
CVSS 6.1 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
LOW
Availability impact
NONE
network
low complexity
express-xss-sanitizer-project

Summary

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.