View all vulnerabilities

CVE-2021-23648

Cross-site Scripting in sanitize-url

The package `@braintree/sanitize-url` before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in the `sanitizeUrl` function.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
5.3
Score Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Affected Versions
@braintree/sanitize-url < 6.0.0
Severity
Medium
Ecosystem
JavaScript
Publish Date
March 16, 2022
Modified Date
January 14, 2025