
GHSA-v633-x5vv-hqwc

Published: 24 Oct 2017
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Cross-Site Scripting in serve-index

Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack on the application.

Recommendation

Update to version 1.6.3 or later.

Packages

Name: serve-index (npm)
Affected versions: < 1.6.3
Fixed version: 1.6.3

EPSS

Percentile: 56%
0.00341
Low

6.1 Medium

CVSS3

Weaknesses

CWE-79

Related vulnerabilities

CVSS3: 6.1
ubuntu
about 9 years ago

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

CVSS3: 6.1
nvd
about 9 years ago

Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.

CVSS3: 6.1
debian
about 9 years ago

Cross-site scripting (XSS) vulnerability in the serve-index package be ...
