VYPR

npm package

glossarizer

pkg:npm/glossarizer

Vulnerabilities (1)

  • CVE-2024-42515CriOct 31, 2024
    affected <= 1.5.2

    Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can append