Lucene search

[email protected]NVD:CVE-2017-16015

HistoryJun 04, 2018 - 7:29 p.m.

CVE-2017-16015

2018-06-0419:29:00

CWE-80

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting

Affected configurations

Nvd

Node

forms_projectformsRange<1.3.0node.js

VendorProductVersionCPE
forms_projectforms*cpe:2.3:a:forms_project:forms:*:*:*:*:*:node.js:*:*

Vendor	Product	Version	CPE
forms_project	forms	*	cpe:2.3:a:forms_project:forms::::::node.js::*

References

github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

nodesecurity.io/advisories/158

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

36.4%

JSON

Related for NVD:CVE-2017-16015

prion1 veracode1 github1 cve1 osv2 nodejs1 cvelist1