Description
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.
Remediation
References
https://www.npmjs.com/advisories/822
https://github.com/dollarshaveclub/shave/compare/852b537...da7371b
https://github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954#diff-074799b511e4b61923dfd3f2a3bf9b54R67