5 matches found
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), @11thdeg/cyan-next (>=1.0.0 <=1.3.1) +2213 more potentially affected by CVE-2018-3717 via connect (>=0.2.4 <=2.13.1)
connect NPM version =0.2.4, =0.0.1, =1.0.0, =0.25.0, =1.0.4, =1.36.8, =1.0.1, =1.0.0, =0.1.87, =1.0.0, =1.0.10 - @frieman/novisign-dashing =0.1.0 and more Source cves: CVE-2018-3717 Source advisory: OSV:GHSA-RCH9-XH7R-MQGW...
CVE-2018-3717
connect node module before 2.14.0 suffers from a Cross-Site Scripting XSS vulnerability due to a lack of validation of file in directory.js middleware...
CVE-2018-3717
connect node module before 2.14.0 suffers from a Cross-Site Scripting XSS vulnerability due to a lack of validation of file in directory.js middleware...
CVE-2018-3717
The CVE-2018-3717 entry concerns the connect Node.js middleware, where a Cross-Site Scripting (XSS) vulnerability exists due to lack of validation of files in the directory.js middleware. Affected versions are prior to 2.14.0. The underlying issue is inadequate input validation in directory.js, e...
CVE-2018-3717
connect node module before 2.14.0 suffers from a Cross-Site Scripting XSS vulnerability due to a lack of validation of file in directory.js middleware...