Description
Cross-Site Scripting in html-pages
All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code.
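The unsanitized-folder-name pattern described above and its usual mitigation, as an added example that is not html-pages code and not part of the advisory. All function names are hypothetical and the sample folder names are constructed; it renders a directory listing once with raw names and once with output encoding.

```javascript
// Added example: a minimal directory-listing renderer, NOT html-pages code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: the folder name is concatenated into markup as-is.
function renderEntryUnsafe(name) {
  return '<li><a href="' + name + '/">' + name + '</a></li>';
}

// Hardened pattern: percent-encode the name for the URL path segment, then
// HTML-escape both the attribute value and the visible label.
// encodeURIComponent leaves ' untouched, so the HTML escape is still needed.
function renderEntrySafe(name) {
  const href = escapeHtml(encodeURIComponent(name) + '/');
  return '<li><a href="' + href + '">' + escapeHtml(name) + '</a></li>';
}

// Render a whole listing from directory entry names.
function renderListing(names, renderEntry) {
  return '<ul>\n' + names.map(renderEntry).join('\n') + '\n</ul>';
}

// Regression check: true if the HTML contains any tag other than the
// listing's own ul/li/a elements.
function containsForeignTag(html) {
  return /<(?!\/?(ul|li|a)\b)[a-z!\/]/i.test(html);
}

// Constructed sample input: ordinary names plus names carrying markup characters.
const SAMPLE_FOLDERS = ['docs', '<img src=x onerror=alert(1)>', 'a&b "q"'];

console.log(renderListing(SAMPLE_FOLDERS, renderEntryUnsafe));
console.log(renderListing(SAMPLE_FOLDERS, renderEntrySafe));
```

A check like containsForeignTag can run in a test suite against listings built from hostile names, so a regression in the escaping is caught before release.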
Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
Packages
Name: html-pages (npm)
Affected versions: <= 3.1.0
Fixed version: None
Related vulnerabilities
CVSS3: 6.1
nvd
about 7 years ago
An XSS vulnerability was found in html-page <=2.1.1 that allows malicious JavaScript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.