GHSA-gmxv-xf2q-6j8m

Опубликовано: 07 фев. 2019

Источник: github

Github: Прошло ревью

CVSS3: 5.4

Описание

Cross-Site Scripting in m-server

Versions of m-server before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that m-server is serving.

Recommendation

Update to version 1.4.2 or later.

Ссылки

Пакеты

Наименование

m-server

npm

Затронутые версииВерсия исправления

< 1.4.2

1.4.2

EPSS

Процентиль: 38%

0.00162

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2018-16484

Дефекты

CWE-79

Связанные уязвимости

CVE-2018-16484

CVSS3: 5.4

nvd

около 7 лет назад

A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.

EPSS

Процентиль: 38%

0.00162

Низкий

5.4 Medium

CVSS3

CVE ID

CVE-2018-16484

Дефекты

CWE-79