cloudcmd (>=5.0.5 <=9.3.2), console-io (>=2.5.2 <=5.0.0) +22 more potentially affected by unknown CVE via ponse (>=1.0.1 <=1.6.1)

ponse NPM version =1.0.1, =5.0.5, =2.5.2, =0.0.0, =0.1.0, =2.7.4, =0.3.0, =1.0.0, =1.0.0, =0.0.1, =0.2.0, =1.0.0, =1.0.0, =1.0.9, =1.0.0, =1.0.0, =1.3.6 and more Source cves: unknown CVE Source advisory: OSV:GHSA-WFHX-6PCM-7M55...

Cross-Site Scripting (XSS) in cloudcmd

Versions of cloudcmd before 9.1.6 are vulnerable to cross-site scripting XSS when listing files in a directory. The attacker must control the name of a file for this vulnerability to be exploitable. Recommendation Update to version 9.1.6 or later...

GHSA-M8FW-534V-XM85 Cross-Site Scripting (XSS) in cloudcmd

Versions of cloudcmd before 9.1.6 are vulnerable to cross-site scripting XSS when listing files in a directory. The attacker must control the name of a file for this vulnerability to be exploitable. Recommendation Update to version 9.1.6 or later...

Cross-Site Scripting (XSS)

Overview Versions of cloudcmd before 9.1.6 are vulnerable to cross-site scripting XSS when listing files in a directory. The attacker must control the name of a file for this vulnerability to be exploitable. Recommendation Update to version 9.1.6 or later. References - HackerOne...

Cross-site Scripting (XSS)

cloudcmd is vulnerable to cross-site scripting XSS attacks. The vulnerability exists due to the improper sanitization of filename which allows arbitrary javascript code to be executed when rendered...

Node.js third-party modules: [cloudcmd] Stored XSS in the filename when directories listing

I would like to report a Stored XSS issue in module cloudcmd It allows executing malicious javascript code in the user's browser. Module module name: cloudcmd version: 9.1.5 npm page: https://www.npmjs.com/package/cloudcmd Module Description Cloud Commander is an orthodox web file manager with...