Vulnerability Information
Vulnerability Title
Prototype Pollution
Vulnerability Description
Versions of the package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing an attacker to bypass XSS sanitization.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Vulnerability Type
N/A
Vulnerability Title
Express XSS Sanitizer Security Vulnerability
Vulnerability Description
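Express XSS Sanitizer is a package by the individual developer AhmedAdelFahim for sanitizing user input data (in req.body, req.query, req.headers and req.params) to prevent cross-site scripting (XSS) attacks. Versions of Express XSS Sanitizer before 1.1.3 contain a security vulnerability that stems from an attacker achieving prototype pollution via the allowedTags attribute, allowing the attacker to bypass cross-site scripting sanitization.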
CVSS Information
N/A
Vulnerability Type
N/A