Description
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.
Remediation
References
https://github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954#diff-074799b511e4b61923dfd3f2a3bf9b54R67
https://github.com/dollarshaveclub/shave/compare/852b537...da7371b
https://www.npmjs.com/advisories/822
Related Vulnerabilities
CVE-2023-30094 Vulnerability in npm package total4
CVE-2022-23622 Vulnerability in maven package org.xwiki.platform:xwiki-platform-web-templates
CVE-2021-26117 Vulnerability in maven package org.apache.activemq:activemq-jaas
CVE-2023-46122 Vulnerability in maven package org.scala-sbt:io_2.13
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-common