Description
XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.
Remediation
References
https://github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954#diff-074799b511e4b61923dfd3f2a3bf9b54R67
https://github.com/dollarshaveclub/shave/compare/852b537...da7371b
https://www.npmjs.com/advisories/822
Related Vulnerabilities
CVE-2022-31023 Vulnerability in maven package com.typesafe.play:play_2.13
CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin
CVE-2020-28472 Vulnerability in npm package @aws-sdk/shared-ini-file-loader
CVE-2019-0233 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2020-1960 Vulnerability in maven package org.apache.flink:flink-metrics-core