express-xss-sanitizer

NPM

www.npmjs.com

github.com

Releases18

Frequency3 months 3 weeks

Last Release 3 months ago

Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-59364 ↗	Sep 14, 2025Sunday, 14 September 2025, 23:15	5.3 MEDIUM	—
The express-xss-sanitizer (aka Express XSS Sanitizer) package through 2.0.0 for Node.js has an unbounded recursion depth in sanitize in lib/sanitize.js for a JSON request body.