10 matches found
EUVD-2018-0326
Malware in sbrugna...
EUVD-2018-0276
Malware in sbrugna...
Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting XSS. This is due to insufficient santiziation of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later...
GHSA-H24F-9MM4-W336 Cross-site Scripting (XSS) - Stored in crud-file-server
Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting XSS. This is due to insufficient santiziation of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later...
crud-file-server node module cross-site scripting vulnerability
The crud-file-server node module is a file server that supports create, read, update and delete functions. A cross-site scripting vulnerability exists in crud-file-server node module versions prior to 0.8.0, which stems from the program's lack of file name validation. A remote attacker can exploi...
CVE-2018-3726
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names...
CVE-2018-3733
crud-file-server node module before 0.9.0 suffers from a Path Traversal vulnerability due to incorrect validation of url, which allows a malicious user to read content of any file with known path...
Cross-site Scripting (XSS) - Stored
Overview Versions of crud-file-server before 0.8.0 are vulnerable to stored cross-site scripting XSS. This is due to insufficient santiziation of filenames when directory index is served by crud-file-server. Recommendation Update to version 0.8.0 or later. References - GitHub Commit 4155bfe -...
Node.js third-party modules: [crud-file-server] Stored XSS in filenames when directory index is served by crud-file-server
Hi Guys, crud-file-server allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...
Node.js third-party modules: [crud-file-server] Path Traversal allows to read arbitrary file from the server
Hi Guys, There is Path Traversal vulnerability in crud-file-server module, which allows to read arbitrary file from the remote server. Module crud-file-server This package exposes a directory and its children to create, read, update, and delete operations over http...