Описание
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.14.0 (исключая)
cpe:2.3:a:sencha:connect:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 56%
0.00339
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
ubuntu
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVSS3: 6.4
redhat
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware.
CVSS3: 5.4
debian
больше 7 лет назад
connect node module before 2.14.0 suffers from a Cross-Site Scripting ...
EPSS
Процентиль: 56%
0.00339
Низкий
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
CWE-79