Disclosure Timeline

March 6th, 2013: Initial report to module maintainer via email. Sent proofs of concept, etc.
March 10th, 2013: Developer replies, creates public issue on GitHub to track the fix. Promises to resolve the issue “ASAP.”
April 17th, 2013, 10:56 PM: Sent pull request which resolves issues.
April 17th, 2013, 11:27 PM: Pull request merged by maintainer.
April 18th, 2013, 8:31 AM: New version (1.1.0) released containing patch.
!!! May 6th, 2013: Additional bypass disclosed publicly by taku0.
!!! STILL OPEN !!! https://github.com/chriso/node-validator/issues/181

Full article: https://nealpoole.com/blog/2013/07/xss-filter-bypass-in-validator-nodejs-module/