Every CVE whose affected-product data names Express Xss Sanitizer Project Express Xss Sanitizer, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2026-33979 — CVSS 8.2 (high): Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and…
CVE-2022-21169 — CVSS 7.3 (high): The package express-xss-sanitizer before 1.1.3 are vulnerable to Prototype Pollution via the allowedTags attribute, allowing the attacker…