2 matches found
Cross-Site Scripting (XSS)
buttle is vulnerable to cross-site scripting (XSS). The use of kramed, which has sanitize set to false by default, allows a remote attacker to inject arbitrary JavaScript into a victim's browser due to a lack of HTML output sanitization...
Node.js third-party modules: [buttle] Unsafe rendering of Markdown files
I would like to report a Cross Site Scripting vulnerability in the buttle module. It allows executing arbitrary JavaScript due to unsafe rendering of markdown files. Module module name: buttle version: 0.2.0 npm page: https://www.npmjs.com/package/buttle Module Description Another static file server? Why...