CVE-2017-16010

Опубликовано: 29 мая 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

i18next is a language translation framework. When using the .init method, passing interpolation options without passing an escapeValue will default to undefined rather than the assumed true. This can result in a cross-site scripting vulnerability because user input is assumed to be escaped, but is not. This vulnerability affects i18next 2.0.0 and later.

Ссылки

https://github.com/i18next/i18next/pull/826
Exploit
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/326
Exploit
Third Party Advisory
https://github.com/i18next/i18next/pull/826
Exploit
Issue Tracking
Third Party Advisory
https://nodesecurity.io/advisories/326
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:i18next:i18next:*:*:*:*:*:node.js:*:*

Версия от 2.0.0 (включая) до 3.4.3 (включая)

EPSS

Процентиль: 45%

0.00223

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2017-16010

CVSS3: 6.1

ubuntu

больше 7 лет назад

CVE-2017-16010

CVSS3: 6.1

debian

больше 7 лет назад

i18next is a language translation framework. When using the .init meth ...

GHSA-cmh5-qc8w-xvcq

CVSS3: 6.1

github

больше 7 лет назад

Cross-Site Scripting in i18next

EPSS

Процентиль: 45%

0.00223

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79