GHSA-7375-vjr2-3g7w

Published: 27 Sep 2018
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Cross-Site Scripting in glance

Versions of glance before 3.0.8 are vulnerable to Stored Cross-Site Scripting (XSS). This is only exploitable if the attacker is able to control the name of a file that is served by the glance package.

Packages

Name: glance (npm)
Affected versions: < 3.0.8
Fixed version: 3.0.8

EPSS

Percentile: 50%
0.00268
Low

CVSS3: 6.1 Medium

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
more than 7 years ago

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. A file name that contains malicious HTML (e.g. an embedded iframe element or a javascript: pseudo-protocol handler in an <a> element) allows JavaScript code to be executed against any user who opens a directory listing containing such a crafted file name.

EPSS

Percentile: 50%
0.00268
Low

CVSS3: 6.1 Medium

Weaknesses

CWE-79
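
The weakness described above is a file name written into a generated directory listing without output encoding. The following is an added example, not glance's code and not part of the advisory; the function names and sample file names are constructed. It contrasts the unsafe concatenation with a rendering that encodes the name for both the URL and the HTML context.

```javascript
// Added example: not glance's code. All names and sample data are constructed.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape text for use in HTML element content or a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: the file name is concatenated into markup as-is, so any
// HTML in the name becomes part of the page served to every visitor.
function renderListingUnsafe(names) {
  return names.map((n) => `<li><a href="${n}">${n}</a></li>`).join('\n');
}

// Hardened pattern: percent-encode the name for the URL, prefix it with "./"
// so it is always a relative path (never a scheme such as javascript:),
// and HTML-escape the value in both output contexts.
function renderListingSafe(names) {
  return names
    .map((n) => {
      const href = escapeHtml('./' + encodeURIComponent(n));
      return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
    })
    .join('\n');
}

// Constructed sample: file names as an uploader could have chosen them.
const sampleNames = [
  'report.pdf',
  '<iframe src=about:blank>.txt',
  'javascript:void(0)',
  'a"b & c.txt',
];

console.log(renderListingUnsafe(sampleNames));
console.log(renderListingSafe(sampleNames));
```

For affected installations, the fix stated in the advisory is upgrading glance to 3.0.8.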