Description
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Remediation
References
https://github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.ts%23L81
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1320695
https://snyk.io/vuln/SNYK-JS-ANCHORME-1311008
Related Vulnerabilities
CVE-2020-2133 Vulnerability in maven package com.applatix.jenkins:applatix
CVE-2021-39227 Vulnerability in npm package zrender
CVE-2020-7641 Vulnerability in npm package grunt-util-property
CVE-2020-1714 Vulnerability in maven package org.keycloak:keycloak-common
CVE-2018-3713 Vulnerability in npm package angular-http-server