VYPR

Express XSS Sanitizer

by AhmedAdelFahim

Source repositories

CVEs (2)

  • CVE-2026-33979 | Hig | Mar 27, 2026
    risk 0.46 | cvss 8.2 | epss 0.00

    Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attacks. A vulnerability has been identified in versions prior to 2.0.2 where restrictive…

  • CVE-2025-59364 | Med | Sep 14, 2025
    risk 0.27 | cvss 5.3 | epss 0.00

    The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.