LeakyCreds

CVE-2026-33979 - Vulnerability Analysis

Severity: High | CVSS: 8.2

Last Updated: March 27, 2026

Express XSS Sanitizer - Stored XSS

Published: March 27, 2026 | Updated: March 27, 2026 | Remote Exploitable

Overview

Express XSS Sanitizer, middleware for Express 4.x and 5.x, in versions prior to 2.0.2 contains a stored XSS vulnerability caused by ignoring restrictive sanitization configurations. This lets attackers bypass sanitization and execute scripts; exploitation requires crafted input.

Severity & Score

Severity: High
CVSS Score: 8.2
EPSS Score: 0.0% (Probability of exploitation in next 30 days)

Impact

Attackers can execute malicious scripts in users' browsers, leading to session hijacking or data theft.

Mitigation

Update to version 2.0.2 or later.

Social Media Activity (4 posts)

TheHackerWire (@thehackerwire)
Mar 27, 2026

🟠 CVE-2026-33979 - High (8.2) Express XSS Sanitizer is Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack. A vulnerability has been identified in versions prior to 2.0... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-33979/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

Details

CVE ID: CVE-2026-33979
Severity: High
CVSS Score: 8.2
Type: stored_xss
Status: new
EPSS: 0.0%
Social Posts: 4

CWE

  • CWE-79

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

EPSS Score

0.0% (Probability of exploitation in the next 30 days)