Описание
Valine HTML Injection
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
Пакеты
Наименование
valine
npm
Затронутые версииВерсия исправления
<= 1.3.3
1.3.4
Связанные уязвимости
CVSS3: 6.1
nvd
около 7 лет назад
An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.