Lucene search
K

6 matches found

F5 Networks
F5 Networks
added 2023/02/21 6:55 p.m.63 views

K24444803: Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325

Security Advisory Description CVE-2015-8860 The tar package before 2.0.0 for Node.js allows remote attackers to write to arbitrary files via a symlink attack in an archive. CVE-2015-8856 Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote...

7.5CVSS6.3AI score0.04912EPSS
Exploits0
Veracode
Veracode
added 2018/03/01 3:10 a.m.213 views

Cross-site Scripting (XSS)

anywhere is vulnerable to cross-site scripting XSS attacks. The library uses a version of the serve-index package that is vulnerable to CVE-2015-8856, allowing a malicious user to inject and execute arbitrary Javascript...

6.1CVSS5.3AI score0.02477EPSS
Exploits1References5Affected Software3
UbuntuCve
UbuntuCve
added 2017/01/23 9:59 p.m.20 views

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

6.1CVSS7AI score0.02477EPSS
Exploits0References3
OSV
OSV
added 2017/01/23 9:59 p.m.6 views

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

6.1CVSS6AI score
Exploits0References5
CVE
CVE
added 2017/01/23 9:0 p.m.70 views

CVE-2015-8856

CVE-2015-8856 affects the serve-index package for Node.js prior to 1.6.3, where file or directory names could be crafted to trigger cross-site scripting. The vulnerability allows remote injection of arbitrary scripts/HTML via such names. A fix is available in version 1.6.3 and later. The availabl...

6.1CVSS5.6AI score0.02477EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2017/01/23 9:0 p.m.34 views

CVE-2015-8856

Cross-site scripting XSS vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name...

6AI score0.02477EPSS
Exploits0References3
Rows per page
Query Builder