CRHTLF can lead to invalid protocol extraction potentially leading to XSS in medialize/uri.js
Mar 18th 2022
Proof of Concept
This vulnerability can cause incorrect protocol extraction, potentially leading to XSS.
The \r, \n and \t characters should be removed before parsing.
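The mismatch described above, as an added example that is not part of the original report and is not URI.js code: the WHATWG URL parser used by browsers and Node strips tab, CR and LF before parsing, so a scheme check that reads the raw string sees no scheme where the platform sees one. The function names, the allowlist and the sample strings are constructed for illustration.

```javascript
// Added example; names are hypothetical and do not mirror URI.js internals.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]); // assumed policy
const SCHEME_RE = /^([a-z][a-z0-9+.-]*):/i;

// Reads the scheme from the raw string, with no normalization first.
function naiveScheme(input) {
  const m = SCHEME_RE.exec(input);
  return m ? m[1].toLowerCase() : null; // null means "no scheme, treat as relative"
}

// Strips leading/trailing C0 controls and spaces, then every tab, CR and LF,
// which is what the WHATWG URL parser does before it looks for a scheme.
function normalizedScheme(input) {
  const cleaned = input
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
  return naiveScheme(cleaned);
}

// What the platform parser reports for the same string.
function platformScheme(input) {
  try {
    return new URL(input).protocol.slice(0, -1);
  } catch {
    return null; // not an absolute URL
  }
}

// Allowlist decision, parameterized by the extractor so both can be compared.
function isSafeHref(input, extract) {
  const scheme = extract(input);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs.
const samples = ["https://example.com/", "java\tscript:void(0)",
                 "JAVA\r\nSCRIPT:void(0)", "/relative/path"];

for (const s of samples) {
  console.log(JSON.stringify(s), {
    naive: naiveScheme(s),
    normalized: normalizedScheme(s),
    platform: platformScheme(s),
    naiveVerdict: isSafeHref(s, naiveScheme),
    normalizedVerdict: isSafeHref(s, normalizedScheme),
  });
}
```
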
Thank you for reporting the issue. It has been solved and released as v1.19.11.
The researcher has requested a CVE here.
Can I go ahead and assign and publish one @maintainer?
Hey Jamie, yes, go ahead :)