CVE-2016-15025

Опубликовано: 20 фев. 2023

Источник: nvd

CVSS3: 3.5

CVSS3: 6.1

CVSS2: 4

EPSS Низкий

Описание

A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484.

Ссылки

https://github.com/johnpapa/generator-hottowel/commit/c17092fd4103143a9ddab93c8983ace8bf174396
Patch
https://github.com/johnpapa/generator-hottowel/pull/174
Patch
https://vuldb.com/?ctiid.221484
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221484
Permissions Required
Third Party Advisory
https://github.com/johnpapa/generator-hottowel/commit/c17092fd4103143a9ddab93c8983ace8bf174396
Patch
https://github.com/johnpapa/generator-hottowel/pull/174
Patch
https://vuldb.com/?ctiid.221484
Permissions Required
Third Party Advisory
https://vuldb.com/?id.221484
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:generator-hottowel_project:generator-hottowel:0.0.11:*:*:*:*:node.js:*:*

EPSS

Процентиль: 26%

0.00091

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-f8hv-rx9p-f9r4

CVSS3: 6.1

github

почти 3 года назад

generator-hottowel Cross-site Scripting vulnerability

EPSS

Процентиль: 26%

0.00091

Низкий

3.5 Low

CVSS3

6.1 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-79