4 matches found
Cross-site Scripting (XSS)
Overview: privatebin/privatebin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the drag-and-drop helper when handling filenames containing HTML content. An attacker ca...
privatebin XSS
privatebin reports: Dragging a file whose filename contains HTML is reflected verbatim into the page via the drag-and-drop helper, so any user who drops a crafted file on PrivateBin will execute arbitrary JavaScript within their own session (self-XSS). This allows an attacker who can entice a victi...
Cross-site Scripting (XSS)
Overview: npx-server is a simple HTTP server with autoindexing of directories, custom one file controllers system which logic is, reloading without reloading server, reloading browser hotloader if one of files on the hard drive changed, everything shipped in one .js file with no dependencies and o...
CVE-2018-3747
The public node module, versions = 1.0.3, allows embedding HTML in file names, which in certain conditions might lead to execution of malicious JavaScript...