7 matches found
EUVD-2021-0564
Malware in sbrugna...
Cross-Site Scripting (XSS)
nanohttpd is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute arbitrary Javascript code in a user's browser via the GeneralHandler class that implements a basic GET handler which prints debug information as an HTML page...
NanoHTTPD Cross-site Scripting vulnerability
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...
GHSA-PR5M-4W22-8483 NanoHTTPD Cross-site Scripting vulnerability
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...
CVE-2020-13697
NanoHTTPD (RouterNanoHTTPD.java, GeneralHandler) through version 2.3.1 is vulnerable to reflected XSS because the GET handler prints unsanitized query-string input into an HTML page. Multiple sources (NVD, CVE-2020-13697 records; Veracode and GHSA advisories; OSV/CVE records) describe this XSS is...
CVE-2020-13697
An issue was discovered in RouterNanoHTTPD.java in NanoHTTPD through 2.3.1. The GeneralHandler class implements a basic GET handler that prints debug information as an HTML page. Any web server that extends this class without implementing its own GET handler is vulnerable to reflected XSS, becaus...
NanoHTTPD Cross-Site Scripting Vulnerability
LordFokas NanoHTTPD is an application for GlobalLordFokas individual developers. It provides a lightweight HTTP server designed for embedding in other applications. A cross-site scripting vulnerability exists in NanoHTTPD through 2.3.1, which stems from the GeneralHandler GET handler printing use...