Cianmce

**Name of the Vulnerable Software and Affected Versions** RisingStack protect versions 1.2.0 and earlier @risingstack/protect (all versions) **Description** The issue concerns a Cross Site Scripting (XSS) vulnerability in the `isXss()` function, located in `lib/rules/xss.js`, which can result in dangerous XSS strings being validated as safe. This vulnerability can be exploited via a number of XSS strings, allowing attackers to execute arbitrary JavaScript in a victim's browser. **Recommendations** For RisingStack protect versions 1.2.0 and earlier: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For @risingstack/protect (all versions): Consider using an alternative package, as the current package is not actively maintained and will not be patched. As a temporary workaround, consider disabling the `isXss()` function until a patch is available or an alternative solution is implemented.