CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

14 matches found

EUVD•added 2025/10/07 12:30 a.m.•4 views

EUVD-2019-0596

Malware in sbrugna...

5.4CVSS5.4AI score0.0014EPSS

Exploits1References4

Veracode•added 2020/08/26 4:12 a.m.•10 views

Directory Traversal

min-http-server is vulnerable to directory traversal. The vulnerability exists as it does not sanitize the value of fullStaticPath in index.js...

3.4AI score

Exploits0

Node.js•added 2019/08/07 7:51 p.m.•23 views

Cross-Site Scripting

Overview All versions of min-http-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available...

3.5CVSS4.1AI score0.0014EPSS

Exploits1Affected Software1

OSV•added 2019/07/31 4:22 a.m.•11 views

GHSA-J657-59RV-QWM6 Cross-Site Scripting in min-http-server

All versions of min-http-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available, conside...

5.4CVSS5.4AI score0.0014EPSS

Exploits1References3

Github Security Blog•added 2019/07/31 4:22 a.m.•22 views

Cross-Site Scripting in min-http-server

5.4CVSS5.3AI score0.0014EPSS

Exploits1References4Affected Software1

CNVD•added 2019/07/31 12:0 a.m.•2 views

min-http-server cross-site scripting vulnerability

min-http-server is a lightweight http static resource server . A cross-site scripting vulnerability exists in min-http-server all versions. The vulnerability stems from a lack of proper validation of client-side data by the web application. An attacker can exploit this vulnerability to execute...

5.4CVSS6.4AI score0.0014EPSS

Exploits1References1

NVD•added 2019/07/30 9:15 p.m.•8 views

CVE-2019-5457

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS5.4AI score0.0014EPSS

Exploits1References1

OSV•added 2019/07/30 9:15 p.m.•2 views

CVE-2019-5457

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4CVSS6.3AI score0.0014EPSS

Exploits1References1

Prion•added 2019/07/30 9:15 p.m.•9 views

Cross site scripting

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

3.5CVSS5.5AI score0.0014EPSS

Exploits1References1Affected Software1

CVE•added 2019/07/30 8:22 p.m.•47 views

CVE-2019-5457

CVE-2019-5457 concerns a cross-site scripting (XSS) vulnerability in min-http-server (all versions). The root cause is failure to sanitize filenames in directory listings, allowing an attacker with access to the server file system to inject malicious characters into filenames and have JavaScript ...

5.4CVSS5.4AI score0.0014EPSS

Exploits1References1Affected Software1

Cvelist•added 2019/07/30 8:22 p.m.•10 views

CVE-2019-5457

Cross-site scripting XSS vulnerability in min-http-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

5.4AI score0.0014EPSS

Exploits1References1

Veracode•added 2019/07/25 5:30 a.m.•15 views

Cross-site Scripting (XSS)

min-http-server is vulnerable to cross-site scripting XSS. The attack is due to lack of sanitization of filenames before rendering as HTML in listing directory page...

5.4CVSS5.1AI score0.0014EPSS

Exploits1References2Affected Software1

Hacker One•added 2019/05/07 8:16 p.m.•25 views

Node.js third-party modules: [min-http-server] Stored XSS in the filename when directories listing

I would like to report Stored XSS in module "min-http-server". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: min-http-server version: 1.0.6 npm page:...

3.5CVSS5AI score0.0014EPSS

Exploits1

Hacker One•added 2019/05/07 7:51 a.m.•17 views

Node.js third-party modules: [min-http-server] List any file in the folder by using path traversal.

I would like to report Path Traversal in min-http-server. It allows to list any file in another folder of web root. Module module name: min-http-server version: 1.0.6 npm page: https://www.npmjs.com/package/min-http-server Module Description 'min-http-server' is a zero-configuration, lightweight...

0.6AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by