2 matches found
h-include (=1.0.0), hinclude (>=1.0.1 <=1.1.0) +2 more potentially affected by CVE-2018-3716 via simplehttpserver (=0.0.6)
simplehttpserver NPM version =0.0.6 is affected by a known vulnerability. The following packages have a transitive dependency on simplehttpserver and may be impacted: - h-include =1.0.0 - hinclude =1.0.1, =0.0.1, =0.0.2 Source cves: CVE-2018-3716 Source advisory: OSV:GHSA-JRHJ-2J3Q-XF3V...
CVE-2018-3716
CVE-2018-3716 affects the simplehttpserver Node.js module. The vulnerability is a stored XSS in directory listings caused by lack of validation/sanitization of file names fed into HTML output. Exploitation requires an attacker-controlled filename in the listing; the XSS payload is reflected in th...