Description
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Remediation
References
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1320695
https://github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.ts%23L81
https://snyk.io/vuln/SNYK-JS-ANCHORME-1311008
Related Vulnerabilities
CVE-2020-6858 Vulnerability in maven package com.hotels.styx:styx-components
CVE-2022-39353 Vulnerability in maven package org.webjars.npm:xmldom
CVE-2022-25973 Vulnerability in npm package mc-kill-port
CVE-2022-38900 Vulnerability in npm package decode-uri-component
CVE-2017-16881 Vulnerability in maven package org.b3log:symphony