metascraper before v5.2.0 vulnerable to stored cross-site scripting

2018-08-0822:25:57

Google

osv.dev

0.001 Low

EPSS

Percentile

43.5%

Versions of metascraper prior to 5.2.0 are vulnerable to stored cross-site scripting (XSS).

Recommendation

Upgrade to version 5.2.0 or later.

CPENameOperatorVersion
metascraperlt5.2.0

CPE	Name	Operator	Version
	metascraper	lt	5.2.0

github.com/microlinkhq/metascraper

github.com/microlinkhq/metascraper/pull/169

hackerone.com/reports/309367

nvd.nist.gov/vuln/detail/CVE-2018-3773

www.npmjs.com/advisories/603

0.001 Low

EPSS

Percentile

43.5%

Related for OSV:GHSA-8F64-Q7JC-CCGP