VYPR

Glossarizer

by Pebbleroad

npm: glossarizer

CVEs (1)

  • CVE-2024-42515CriOct 31, 2024
    risk 0.64cvss 9.9epss 0.00

    Glossarizer through 1.5.2 improperly tries to convert text into HTML. Even though the application itself escapes special characters (e.g., <>), the underlying library converts these encoded characters into legitimate HTML, thereby possibly causing stored XSS. Attackers can…