CVE-2025-59364

CVSS v4.0

6.9

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions express-xss-sanitizer versions through 2.0.0

Description The express-xss-sanitizer package contains an unbounded recursion depth in the

sanitize

function located in

lib/sanitize.js

when processing a JSON request body.

Recommendations Update to a version of express-xss-sanitizer greater than 2.0.0.

Fix

Uncontrolled Recursion

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

CVE-2025-59364

GHSA-HVQ2-WF92-J4F3

GHSA-QHWP-454G-2GV4

Express-Xss-Sanitizer