CVE-2015-8856

Опубликовано: 23 янв. 2017

Источник: debian

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-serve-index	fixed	1.9.1-1		package

Примечания

libv8 is not covered by security support
https://nodesecurity.io/advisories/serve-static-xss
https://github.com/expressjs/serve-index/issues/28

EPSS

Процентиль: 56%

0.00341

Низкий

Связанные уязвимости

CVE-2015-8856

CVSS3: 6.1

ubuntu

около 9 лет назад

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

CVE-2015-8856

CVSS3: 6.1

nvd

около 9 лет назад

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

GHSA-v633-x5vv-hqwc

CVSS3: 6.1

github

больше 8 лет назад

Cross-Site Scripting in serve-index

EPSS

Процентиль: 56%

0.00341

Низкий