29 matches found
EUVD-2019-0421
Malware in sbrugna...
EUVD-2018-0460
Malware in sbrugna...
GHSA-PQPP-2363-649V Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation: No fix is currently available. Consider...
Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation: No fix is currently available. Consider...
Cross-Site Scripting
Overview: All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Conside...
Path Traversal
Overview: All versions of buttle are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Cross-Site Scripting
Overview: All versions of buttle are vulnerable to Cross-Site Scripting. Due to misconfiguration of its rendering engine, buttle does not sanitize the HTML output, allowing attackers to run arbitrary JavaScript when processing malicious markdown files. Recommendation: No fix is currently available...
Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...
GHSA-GM29-35C7-8CFW Cross-Site Scripting in buttle
All versions of buttle are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consider using a...
buttle npm package cross-site scripting vulnerability
The buttle npm package is a static file server. A cross-site scripting vulnerability exists in version 0.2.0 of the buttle npm package, which stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute client-side code...
CVE-2019-5422
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...
CVE-2019-5422
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...
Cross site scripting
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...
CVE-2019-5422
The buttle npm package (version 0.2.0) is vulnerable to Cross-Site Scripting (XSS) due to lack of filename sanitization, enabling attacker-controlled JavaScript in the victim’s browser when files with malicious names are processed by the server. Multiple sources (npm advisory, GitHub/GHSA, CNVD, ...
CVE-2019-5422
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server...
Cross-Site Scripting (XSS)
buttle is vulnerable to cross-site scripting (XSS). The usage of kramed, which has sanitize set to false by default, allows a remote attacker to inject arbitrary JavaScript into a victim's browser due to a lack of HTML output sanitization...
Path Traversal in buttle
All versions of buttle are vulnerable to Path Traversal. Due to insufficient input sanitization, attackers can access server files by using relative paths when fetching files. Recommendation: No fix is currently available. Consider using an alternative module until a fix is made available...
Node.js third-party modules: [buttle] Unsafe rendering of Markdown files
I would like to report a Cross Site Scripting vulnerability in the buttle module. It allows execution of arbitrary JavaScript due to unsafe rendering of markdown files. Module module name: buttle version: 0.2.0 npm page: https://www.npmjs.com/package/buttle Module Description Another static file server? Why...
Buttle Module Path Traversal Vulnerability
The buttle module is a static file server module. A path traversal vulnerability exists in versions of the buttle module prior to 0.2.0. An attacker can exploit this vulnerability to read arbitrary files on the server...
Directory Traversal
buttle is vulnerable to directory traversal attacks. The vulnerability exists due to the lack of sanitization of the filename, allowing directory traversal attacks...