How severe is CVE-2022-21169?

CVE-2022-21169 has a CVSS v3 score of 7.3 (HIGH).

CVE-2022-21169

Name: express_xss_sanitizer
Author: express_xss_sanitizer_project

7.3HIGH

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

发布于: 9/26/2022更新于: 5/21/2025

描述

The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker to bypass xss sanitization.

AI分析AI驱动

受影响产品

express_xss_sanitizer_projectexpress_xss_sanitizer

参考资料

https://github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a
PatchThird Party Advisory
https://github.com/AhmedAdelFahim/express-xss-sanitizer/issues/4
ExploitIssue TrackingThird Party Advisory
https://runkit.com/embed/w306l6zfm7tu
PatchThird Party AdvisoryURL Repurposed
https://security.snyk.io/vuln/SNYK-JS-EXPRESSXSSSANITIZER-3027443
ExploitThird Party Advisory
https://github.com/AhmedAdelFahim/express-xss-sanitizer/commit/3bf8aaaf4dbb1c209dcb8d87a82711a54c1ab39a
PatchThird Party Advisory
https://github.com/AhmedAdelFahim/express-xss-sanitizer/issues/4
ExploitIssue TrackingThird Party Advisory
https://runkit.com/embed/w306l6zfm7tu
PatchThird Party AdvisoryURL Repurposed
https://security.snyk.io/vuln/SNYK-JS-EXPRESSXSSSANITIZER-3027443
ExploitThird Party Advisory