Description
Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting (XSS). This is due to insufficient sanitization of filenames when the directory index is served by crud-file-server.
Recommendation
Update to version 0.8.0 or later.
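The flaw class described above, as an added example that is not crud-file-server's own code: a hypothetical directory-index renderer that writes file names into HTML unescaped, beside a version that encodes them for both the link target and the link text. The function names and the sample file names are assumptions constructed for illustration.

```javascript
// Added example: hypothetical directory-index renderer, not crud-file-server's code.

// Escape the five characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// BEFORE: names are concatenated into the page as-is, so markup stored in a
// file name is parsed by the browser of whoever opens the index.
function renderIndexUnsafe(dirUrl, names) {
  const items = names.map((n) => `<li><a href="${dirUrl}${n}">${n}</a></li>`);
  return `<ul>${items.join('')}</ul>`;
}

// AFTER: each name is percent-encoded for the URL, then HTML-escaped for the
// attribute (encodeURIComponent leaves ' untouched) and for the link text.
function renderIndexSafe(dirUrl, names) {
  const items = names.map((n) => {
    const href = escapeHtml(dirUrl + encodeURIComponent(n));
    return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
  });
  return `<ul>${items.join('')}</ul>`;
}

// Constructed sample listing: one ordinary name and two that contain HTML metacharacters.
const sampleNames = ['report.txt', '<img src=x onerror=alert(1)>.txt', 'a"b&c.txt'];

// Returns the names that appear verbatim (unescaped) in the rendered page.
function namesRenderedRaw(html, names) {
  return names.filter((n) => /[&<>"']/.test(n) && html.includes(n));
}

console.log(namesRenderedRaw(renderIndexUnsafe('/files/', sampleNames), sampleNames));
console.log(namesRenderedRaw(renderIndexSafe('/files/', sampleNames), sampleNames));
```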
Packages
Name: crud-file-server (npm)
Affected versions: <= 0.7.0
Fixed version: 0.8.0
Related vulnerabilities
CVSS3: 6.1
nvd
more than 7 years ago
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability due to a lack of validation of file names.