4 matches found
Cross-site Scripting (XSS)
seeftl is vulnerable to cross-site scripting XSS. During the directories listing, the input filename is not escaped before printing the user input directly on the screen, allowing an attacker to inject arbitrary script...
Node.js third-party modules: [min-http-server] Stored XSS in the filename when directories listing
I would like to report Stored XSS in module "min-http-server". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: min-http-server version: 1.0.6 npm page:...
Node.js third-party modules: [public] Stored XSS in the filename when directories listing
I would like to report a Stored XSS issue in module public It allows executing malicious javascript code in the user's browser. Module module name: public version: 0.1.3 npm page: https://www.npmjs.com/package/public Module Description Run static file hosting server with specified public dir &...
Apache crossite scripting
Crossite scripting with UTF-7 characters on directories listing and error messages...