13 matches found
EUVD-2018-0759
Malware in sbrugna...
Node.js third-party modules: [tianma-static] Security issue with XSS.
I would like to report XSS in tianma-static. It allows XSS and HTML Injection. First of all, it is my first report and I am sorry that I am not good at English T.T thank you. Module: module name: tianma-static, version: 1.0.4, npm page: https://www.npmjs.com/package/tianma-static. Module Description...
Stored Cross-Site Scripting
Overview: All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static. Recommendation: As no fix is available for this vulnerability at this time, it is our recommendation to...
GHSA-JHGP-HVJ6-X2P2 Stored Cross-Site Scripting in tianma-static
All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static. Recommendation: As no fix is available for this vulnerability at this time, it is our recommendation to use...
Stored Cross-Site Scripting in tianma-static
All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static. Recommendation: As no fix is available for this vulnerability at this time, it is our recommendation to use...
whistle.combo (>=1.0.0 <=1.0.2) potentially affected by CVE-2018-16474 via tianma-static (=1.0.4)
tianma-static NPM version =1.0.4 is affected by a known vulnerability. The following packages have a transitive dependency on tianma-static and may be impacted: whistle.combo =1.0.0, =1.0.2. Source CVEs: CVE-2018-16474. Source advisory: OSV:GHSA-JHGP-HVJ6-X2P2...
Cross site scripting
A stored XSS in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary JavaScript...
CVE-2018-16474
A stored XSS in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary JavaScript...
CVE-2018-16474
A stored XSS in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary JavaScript...
CVE-2018-16474
A stored XSS in tianma-static module versions =1.0.4 allows an attacker to execute arbitrary JavaScript...
CVE-2018-16474
CVE-2018-16474 concerns the Node.js module tianma-static. Concrete details show that all versions up to 1.0.4 are vulnerable to a stored XSS if an attacker can control the name of a file served by the module. Affected condition: filenames unsanitized, enabling arbitrary JavaScript execution when...
Cross-site Scripting (XSS)
tianma-static is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists as it does not sanitize filenames, allowing filenames to be used as a vector for XSS attacks...
Node.js third-party modules: [tianma-static] Stored xss on filename
I would like to report stored XSS in tianma-static. It allows anyone to execute arbitrary JavaScript for doing anything. Module: module name: tianma-static, version: 1.0.4, npm page: https://www.npmjs.com/package/tianma-static. Module Description: Provide a static file service. Vulnerability Vulnerabili...