EUVD-2017-0311

Malware in sbrugna...

Linux Distros Unpatched Vulnerability : CVE-2015-8856

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a...

K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325

Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...

SUSE CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

Cross-site Scripting (XSS)

anywhere is vulnerable to cross-site scripting XSS attacks. The library uses a version of the serve-index package that is vulnerable to CVE-2015-8856, allowing a malicious user to inject and execute arbitrary Javascript...

GHSA-V633-X5VV-HQWC Cross-Site Scripting in serve-index

Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack on the...

37fis (>=1.0.0 <=1.0.2), @axerunners/p2pool-scanner (=0.0.2) +717 more potentially affected by CVE-2015-8856 via serve-index (>=1.0.0 <=1.6.2)

serve-index NPM version =1.0.0, =1.0.0, =1.0.1, =1.0.37, =0.0.1, =0.13.7, =1.0.4, =1.0.1, =1.0.0, =0.2.0, =1.0.3, =1.0.4, =1.0.13 and more Source cves: CVE-2015-8856 Source advisory: OSV:GHSA-V633-X5VV-HQWC...

Cross-Site Scripting in serve-index

Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack on the...

Cross site scripting

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

DEBIAN-CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

UBUNTU-CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

CVE-2015-8856

CVE-2015-8856 affects the serve-index package for Node.js prior to 1.6.3, where file or directory names could be crafted to trigger cross-site scripting. The vulnerability allows remote injection of arbitrary scripts/HTML via such names. A fix is available in version 1.6.3 and later. The availabl...

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

Joyent Node.js serve-index cross-site scripting vulnerability

Joyent Node.js is a web application platform built on top of Google's V8 JavaScript engine. A cross-site scripting vulnerability exists in the Joyent Node.js serve-index, which allows remote attackers to exploit the vulnerability to inject malicious script or HTML code, which can be used to obtai...

PT-2017-7490 · Npm +1 · Index Server +1

Name of the Vulnerable Software and Affected Versions: serve-index versions 1.6.2 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. This is due to file and directory names not being escape...

Cross-Site Scripting

Overview Versions 1.6.2 and earlier of serve-index are affected by a cross-site scripting vulnerability. Because file and directory names are not escaped in the module's HTML output, a remote attacker that can influence file or directory names can launch a persistent cross-site scripting attack o...