CNNVD-202509-1840 Information

CNNVD ID

CNNVD-202509-1840

CVE-2025-59364

  • CNNVD Published: 2025-09-14

Description (Chinese)

Express XSS Sanitizer is a package by the individual developer AhmedAdelFahim for sanitizing user input data (in req.body, req.query, req.headers and req.params) to prevent cross-site scripting (XSS) attacks. Express XSS Sanitizer 2.0.0 and earlier versions contain a security vulnerability: the function in lib/sanitize.js that sanitizes JSON request bodies can recurse without bound, which may lead to a denial of service.

Description (English)

Express XSS Sanitizer is a package by the individual developer AhmedAdelFahim for sanitizing user input data (in req.body, req.query, req.headers and req.params) to prevent cross-site scripting (XSS) attacks. Express XSS Sanitizer 2.0.0 and earlier versions contain a security vulnerability: the function in lib/sanitize.js that sanitizes JSON request bodies can recurse without bound, which may lead to a denial of service.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Individual developer

Published

2025-09-14

Last Modified

2026-02-24

References

  • https://www.npmjs.com/package/express-xss-sanitizer
  • https://gist.github.com/Spendroslav/177804eaef5acfb222a550de212a1b94
  • https://github.com/AhmedAdelFahim/express-xss-sanitizer
  • https://access.redhat.com/security/cve/cve-2025-59364