Description
Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction.
Remediation
References
https://github.com/alexcorvi/anchorme.js/blob/gh-pages/src/transform.ts%23L81
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1320695
https://snyk.io/vuln/SNYK-JS-ANCHORME-1311008
Related Vulnerabilities
CVE-2020-7774 Vulnerability in npm package y18n
CVE-2023-49620 Vulnerability in maven package org.apache.dolphinscheduler:dolphinscheduler-service
CVE-2020-28500 Vulnerability in maven package org.webjars.npm:lodash
CVE-2022-25927 Vulnerability in maven package org.webjars.bowergithub.faisalman:ua-parser-js