CVE-2019-12313

CVE-2019-12313

EPSS 1.3%

XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/dollarshaveclub/shave/commit/da7371b0531ba14eae48ef1bb1456a3de4cfa954#diff-074799b511e4b61923dfd3f2a3bf9b54R67 https://github.com/dollarshaveclub/shave/compare/852b537...da7371b https://www.npmjs.com/advisories/822