Description
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Remediation
References
https://github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.ts%23L81
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1320695
https://snyk.io/vuln/SNYK-JS-ANCHORME-1311008
Related Vulnerabilities
CVE-2021-32854 Vulnerability in npm package textangular
CVE-2023-27490 Vulnerability in npm package next-auth
CVE-2020-7677 Vulnerability in maven package org.webjars.npm:thenify
CVE-2020-5397 Vulnerability in maven package org.springframework:spring-webmvc
CVE-2023-34462 Vulnerability in maven package io.netty:netty-handler