Description
Shout is an IRC client. Because the `/topic` command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
Remediation
References
https://nodesecurity.io/advisories/322
https://github.com/erming/shout/pull/344
Related Vulnerabilities
CVE-2020-7615 Vulnerability in npm package fsa
CVE-2020-6831 Vulnerability in npm package electron
CVE-2022-31367 Vulnerability in npm package strapi-plugin-content-type-builder
CVE-2017-16038 Vulnerability in npm package f2e-server
CVE-2023-40812 Vulnerability in maven package org.opencrx:opencrx-core-models