Advisories for Npm/@Braintree/Sanitize-Url package

2023

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.

2022

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The package @braintree/sanitize-url before 6.0.0 is vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.