Description
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Remediation
References
https://github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.ts%23L81
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1320695
https://snyk.io/vuln/SNYK-JS-ANCHORME-1311008
Related Vulnerabilities
CVE-2022-36083 Vulnerability in npm package jose-node-esm-runtime
CVE-2020-23622 Vulnerability in maven package org.fourthline.cling:cling-core
CVE-2020-36376 Vulnerability in npm package aaptjs
CVE-2021-25987 Vulnerability in npm package hexo
CVE-2020-13654 Vulnerability in maven package org.xwiki.platform:xwiki-platform-oldcore