4 matches found
CVE-2013-7370
CVE-2013-7370 concerns node-connect before 2.8.1, which has an XSS vulnerability in the Sencha Labs Connect middleware. Affected component: node-connect (Sencha Connect middleware). Root cause/impact: XSS in the middleware could reflect or inject script via user input; exploitation status is not ...
CVE-2018-3717
The CVE-2018-3717 entry concerns the connect Node.js middleware, where a Cross-Site Scripting (XSS) vulnerability exists due to lack of validation of files in the directory.js middleware. Affected versions are prior to 2.14.0. The underlying issue is inadequate input validation in directory.js, e...
CVE-2013-4691
The CVE-2013-4691 entry documents an XSS vulnerability in Sencha Labs Connect (Node.js HTTP server framework) via the connect.methodOverride() function. The root cause is a lack of proper validation of client-supplied data by the web application, enabling potential execution of client-side code. ...
CVE-2013-7371
CVE-2013-7371 affects node-connects prior to 2.8.2, where a cross-site scripting vulnerability exists in the Sencha Labs Connect middleware (resulting from an incomplete fix for CVE-2013-7370). Impact is XSS via the Connect middleware as described in multiple sources. A remediation is to update t...