2 matches found
CVE-2018-9863
The CVE-2018-9863 entry concerns the express-useragent Node.js/ExpressJS middleware. The connected documents reveal a concrete vulnerability: lack of sanitization/escaping of the HTTP User-Agent header, which an attacker can exploit to trigger Cross-site Scripting (XSS). Impact described across...
Node.js third-party modules: XSS in express-useragent through HTTP User-Agent
Hello, I would like to report an XSS in the express-useragent module due to a lack of validating the User-Agent header. Please note I already created a GitHub issue and asked for CVE CVE-2018-9863. I did not know about Node.js third-party modules on HackerOne. Description express-useragent is simple...