5 matches found
37fis (>=1.0.0 <=1.0.2), @axerunners/p2pool-scanner (=0.0.2) +717 more potentially affected by CVE-2015-8856 via serve-index (>=1.0.0 <=1.6.2)
serve-index NPM version =1.0.0, =1.0.0, =1.0.1, =1.0.37, =0.0.1, =0.13.7, =1.0.4, =1.0.1, =1.0.0, =0.2.0, =1.0.3, =1.0.4, =1.0.13 and more Source cves: CVE-2015-8856 Source advisory: OSV:GHSA-V633-X5VV-HQWC...
CVE-2015-8856
Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...
CVE-2015-8856
Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...
CVE-2015-8856
CVE-2015-8856 affects the serve-index package for Node.js prior to 1.6.3, where file or directory names could be crafted to trigger cross-site scripting. The vulnerability allows remote injection of arbitrary scripts/HTML via such names. A fix is available in version 1.6.3 and later. The availabl...
CVE-2015-8856
Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...