2 matches found
003-gas-convert (=1.0.1), 01homework (>=1.0.0 <=1.0.1) +49192 more potentially affected by CVE-2014-9772 via validator (>=0.1.8 <=1.5.1)
validator NPM version =0.1.8, =1.0.0, =0.0.2, =0.0.8, =0.0.1, =0.0.6, =1.0.9, =0.0.1, =0.0.122 and more Source cves: CVE-2014-9772 Source advisory: OSV:GHSA-79MX-88W7-8F7Q...
CVE-2014-9772
The CVE-2014-9772 entry concerns the validator package for Node.js. Affected versions are prior to 2.0.0, where the built-in XSS filter can be bypassed using hex-encoded characters. This can allow bypass of the filter and may enable script execution in contexts that rely on the validator’s XSS pr...