Описание
A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
- ExploitIssue TrackingThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.1.4 (исключая)
cpe:2.3:a:public_project:public:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 36%
0.0015
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
EPSS
Процентиль: 36%
0.0015
Низкий
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-79
CWE-79