← Back

Braintree/sanitize Url

braintree/sanitize-url

Vendor: Paypal • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2022-48345
1Paypal
1Braintree/sanitize Url
Mar 12, 2025
Feb 24, 2023
N/A· v4
6.1 MEDIUM· v3
N/A· v2
sanitize-url (aka @braintree/sanitize-url) before 6.0.2 allows XSS via HTML entities.
CVE-2021-23648
2Fedoraproject
Paypal
2Braintree/sanitize Url
Fedora
Nov 21, 2024
Mar 16, 2022
N/A· v4
6.1 MEDIUM· v3
4.3 MEDIUM· v2
The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function.