EPSS
Percentile
41.8%
url-parse is vulnerable to cross-site scripting (XSS). The vulnerability exists as the unsanitized value of address in index.js could be used to bypass validation checks when used in the browser.
address
index.js
github.com/unshiftio/url-parse/commit/3ecd256f127c3ada36a84d9b8dd3ebd14316274b
hackerone.com/reports/496293