Vulnerabilities (CVE)

Filtered by vendor Paypal Subscribe
Filtered by product Braintree\/sanitize-url
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-48345 1 Paypal 1 Braintree\/sanitize-url 2023-12-10 N/A 6.1 MEDIUM
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVE-2021-23648 2 Fedoraproject, Paypal 2 Fedora, Braintree\/sanitize-url 2023-12-10 4.3 MEDIUM 6.1 MEDIUM
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.