3 matches found
browser-forms (>=0.0.1 <=0.0.2), express-stormpath (>=0.1.0 <=0.5.8) +4 more potentially affected by CVE-2017-16015 via forms (>=0.1.0 <=1.1.4)
forms NPM version =0.1.0, =0.0.1, =0.1.0, =0.0.1, =1.0.0, =0.3.1, =0.0.1, =0.1.1 Source cves: CVE-2017-16015 Source advisory: OSV:GHSA-VWJJ-2852-3765...
CVE-2017-16015
CVE-2017-16015 affects the forms library (Node.js) where versions before 1.3.0 fail to properly escape HTML in generated forms, enabling cross-site scripting if input is not sanitized. The vulnerability stems from inadequate HTML escaping in the library’s form generation path. Impact is XSS in ap...
CVE-2017-16015
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting...