Lucene search

[email protected]CVE-2017-16015

HistoryJun 04, 2018 - 7:29 p.m.

CVE-2017-16015

2018-06-0419:29:00

CWE-79

CWE-80

[email protected]

web.nvd.nist.gov

forms

library

html forms

vulnerability

cross site scripting

cve-2017-16015

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

36.5%

JSON

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting

Affected configurations

NVD

Node

forms_projectformsRange<1.3.0node.js

CPENameOperatorVersion
forms_project:formsforms project formslt1.3.0

CPE	Name	Operator	Version
forms_project:forms	forms project forms	lt	1.3.0

CNA Affected

[
  {
    "product": "forms node module",
    "vendor": "HackerOne",
    "versions": [
      {
        "status": "affected",
        "version": "<1.3.0"
      }
    ]
  }
]