Lucene search
K

36 matches found

OSV
OSV
added 2018/11/09 5:45 p.m.12 views

GHSA-QW3G-35HC-FCRH Cross-Site Scripting (XSS) in restify

Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response: alert73541;...

6.1CVSS5.9AI score0.00966EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2018/11/09 5:45 p.m.27 views

Cross-Site Scripting (XSS) in restify

Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response: alert73541;...

6.1CVSS1.2AI score0.00966EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2018/10/23 5:14 p.m.16 views

GHSA-CGJX-MWPX-47JV Private Data Disclosure in express-restify-mongoose

Affected versions of express-restify-mongoose are susceptible to an information leakage vulnerability which may allow an attacker to access fields on a model even if those fields are marked as private. Proof of Concept If you have a user model that you want to protect, such as the following User...

8.8CVSS8.7AI score0.01422EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2018/10/23 5:14 p.m.24 views

Private Data Disclosure in express-restify-mongoose

Affected versions of express-restify-mongoose are susceptible to an information leakage vulnerability which may allow an attacker to access fields on a model even if those fields are marked as private. Proof of Concept If you have a user model that you want to protect, such as the following User...

8.8CVSS1.1AI score0.01422EPSS
Exploits1References7Affected Software1
CNVD
CNVD
added 2018/06/15 12:0 a.m.1 views

Restify Cross-Site Scripting Vulnerability

Restify a framework for building REST APIs using Connect middleware . A cross-site scripting vulnerability exists in Restify versions 2.0.0 through 4.0.4. A remote attacker can exploit this vulnerability to execute script in a browser...

6.1CVSS6AI score0.00966EPSS
Exploits1References1
NVD
NVD
added 2018/06/04 7:29 p.m.13 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.1CVSS6.2AI score0.00966EPSS
Exploits1References2
OSV
OSV
added 2018/06/04 7:29 p.m.12 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.1CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2018/06/04 7:29 p.m.12 views

Design/Logic Flaw

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

4.3CVSS6.2AI score0.00966EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/06/04 7:0 p.m.53 views

CVE-2017-16018

Restify vulnerability CVE-2017-16018 affects the restify framework (versions 2.0.0 through 4.0.4). The issue is a Cross‑Site Scripting (XSS) vulnerability that occurs when URL encoded script tags are used in a non-existent URL, allowing an attacker to run script in some browsers. The practical im...

6.1CVSS6.1AI score0.00966EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2018/06/04 7:0 p.m.17 views

CVE-2017-16018

Restify is a framework for building REST APIs. Restify =2.0.0 =4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers...

6.2AI score0.00966EPSS
Exploits1References2
CNVD
CNVD
added 2018/06/04 12:0 a.m.7 views

express-restify-mongoose information disclosure vulnerability

express-restify-mongoose is a tool for creating interfaces for Mongoose Model. A security vulnerability exists in express-restify-mongoose version 2.4.2 and earlier and versions 3.0.X through 3.0.1. An attacker can exploit the vulnerability by sending a request to obtain the passwords of all user...

8.8CVSS6.8AI score0.01422EPSS
Exploits1References1
NVD
NVD
added 2018/05/31 8:29 p.m.21 views

CVE-2016-10533

express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send a request for GET /User?distinct=password and get all the passwords for all the users in the...

8.8CVSS8.6AI score0.01422EPSS
Exploits1References2
CVE
CVE
added 2018/05/31 8:0 p.m.50 views

CVE-2016-10533

CVE-2016-10533 affects express-restify-mongoose. Vulnerable versions (2.4.2 and earlier, and 3.0.X through 3.0.1) allow a malicious user to abuse GET /User?distinct=password to retrieve all user passwords, bypassing private field protections. The root cause is information leakage through listing/...

8.8CVSS8.5AI score0.01422EPSS
Exploits1References2Affected Software1
Node.js
Node.js
added 2017/02/27 10:50 p.m.47 views

Cross-Site Scripting (XSS)

Overview Affected versions of restify are susceptible to a cross-site scripting vulnerability when using URL encoded script tags in a non-existent URL. Proof of Concept: Request https://localhost:3000/no5such3file7.pl?%22%3E%3Cscript%3Ealert73541;%3C/script%3E Will be included in response:...

4.3CVSS1.6AI score0.00966EPSS
Exploits1Affected Software1
Node.js
Node.js
added 2016/03/28 5:49 p.m.33 views

Private Data Disclosure

Overview Affected versions of express-restify-mongoose are susceptible to an information leakage vulnerability which may allow an attacker to access fields on a model even if those fields are marked as private. Proof of Concept If you have a user model that you want to protect, such as the...

4CVSS0.9AI score0.01422EPSS
Exploits1Affected Software1
Node JS Blog
Node JS Blog
added 2014/07/31 12:0 a.m.42 views

V8 Memory Corruption and Stack Overflow (fixed in Node v0.8.28 and v0.10.30)

V8 Memory Corruption and Stack Overflow fixed in Node v0.8.28 and v0.10.30 A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may...

9.8CVSS7.8AI score0.05356EPSS
Exploits0
Rows per page
Query Builder