OWASP · OWASP json-sanitizer · CVE-2020-13973
**Name of the Vulnerable Software and Affected Versions**
OWASP json-sanitizer versions prior to 1.2.1
**Description**
The issue allows an attacker who controls a substring of the input JSON, and controls another substring adjacent to a SCRIPT element in which the output is embedded as JavaScript, to potentially confuse the HTML parser as to where the SCRIPT element ends. This could cause non-script content to be interpreted as JavaScript, leading to a cross-site scripting (XSS) attack.
**Recommendations**
For OWASP json-sanitizer versions prior to 1.2.1, update to version 1.2.1 or later to resolve the issue.
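
A general hardening step for the embedding scenario in the description, shown as an added example (it is not json-sanitizer code and not a description of the 1.2.1 fix): serialize the value with the characters an HTML parser reacts to inside a SCRIPT element written as `\uXXXX` escapes, then check the result. The function names and the sample input are constructed for illustration.

```javascript
// Added example: not json-sanitizer code. All names here are hypothetical.

// Sequences that affect how an HTML parser tokenizes the contents of a
// SCRIPT element (and, for XHTML, a CDATA section). Matched case-insensitively.
const SCRIPT_SENSITIVE = /<\/script|<script|<!--|-->|\]\]>/i;

// Replacements that are valid escapes inside JSON and JavaScript strings.
const ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// True when the text still contains a sequence the HTML parser would act on.
function hasScriptSensitiveSequence(text) {
  return SCRIPT_SENSITIVE.test(text);
}

// Serialize a value for embedding in an inline SCRIPT element.
// In JSON.stringify output these characters can only occur inside string
// literals, so replacing them everywhere keeps the JSON valid and equivalent.
function jsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (c) => ESCAPES[c]);
}

// Constructed sample: one field carries untrusted text.
const sample = { comment: 'a <!-- b <script> c </ScRiPt> d --> e ]]>', n: 1 };

// Compare plain serialization with the escaped form.
function demo() {
  const naive = JSON.stringify(sample);
  const safe = jsonForScript(sample);
  return {
    naiveFlagged: hasScriptSensitiveSequence(naive),
    safeFlagged: hasScriptSensitiveSequence(safe),
    // The escaped form parses back to exactly the same data.
    roundTrips: JSON.stringify(JSON.parse(safe)) === naive,
    safe,
  };
}

console.log(demo());
```

The escaped form is still valid JSON, so consumers that call `JSON.parse` or evaluate it as a JavaScript literal see the original data.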