Lucene search
K

4 matches found

Hacker One
Hacker One
added 2019/06/11 4:8 p.m.26 views

Node.js third-party modules: [tianma-static] Security issue with XSS.

I would like to report XSS in tianma-static It allows XSS and HTML Injection First of all, It is my first report and I am sorry that I am not good at English T.T thank you. Module module name: tianma-static version: 1.0.4 npm page: https://www.npmjs.com/package/tianma-static Module Description...

4.3CVSS6.1AI score0.00765EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2018/11/06 11:12 p.m.5 views

whistle.combo (>=1.0.0 <=1.0.2) potentially affected by CVE-2018-16474 via tianma-static (=1.0.4)

tianma-static NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on tianma-static and may be impacted: - whistle.combo =1.0.0, =1.0.2 Source cves: CVE-2018-16474 Source advisory: OSV:GHSA-JHGP-HVJ6-X2P2...

6.1CVSS6.3AI score0.00765EPSS
Exploits1
CVE
CVE
added 2018/11/06 7:0 p.m.57 views

CVE-2018-16474

CVE-2018-16474 concerns the Node.js module tianma-static . Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...

6.1CVSS6.3AI score0.00765EPSS
Exploits1References1Affected Software1
Openbugbounty
Openbugbounty
added 2018/08/14 5:1 p.m.18 views

db.etree.org XSS vulnerability

Open Bug Bounty ID: OBB-664322 Description| Value ---|--- Affected Website:| db.etree.org Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Rows per page
Query Builder