3 matches found
CVE-2019-15782
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name...
@homey/server (>=0.0.7 <=0.1.17), @merorafael/torrent-cli (>=0.1.0 <=0.1.1) +16 more potentially affected by CVE-2019-15782 via webtorrent (>=0.100.0 <=0.104.0)
webtorrent NPM version =0.100.0, =0.0.7, =0.1.0, =0.0.1, =1.2.0, =0.0.1, =0.0.3, =1.1.0, =1.1.1, =1.0.0, =0.0.2, =0.0.3 - tronpages =0.0.4 and more Source cves: CVE-2019-15782 Source advisory: OSV:GHSA-GJH4-FCV3-WHPQ...
CVE-2019-15782
The CVE-2019-15782 entry relates to WebTorrent. Affected software: webtorrent prior to version 0.107.6. Issue: Cross-Site Scripting (XSS) in the HTTP server when listing a torrent’s title or file name, due to unsanitized data in the index page generated by torrent.createServer(). Impact: potentia...