Veracode Vulnerability Database: VERACODE:39441
History: Feb 27, 2023 - 12:16 p.m.

Reflected Cross-site Scripting (XSS)

sca.analysiscenter.veracode.com
generator-hottowel
reflected cross-site scripting
javascript injection
404 response object
app/templates/src/server/_app.js

EPSS: 0.001 (percentile: 34.8%)

generator-hottowel is vulnerable to Reflected Cross-site Scripting (XSS) attacks. The library does not properly handle invalid calls to assets as it uses a custom 404 response object, allowing an attacker to inject and execute JavaScript through the app.use function in app/templates/src/server/_app.js.
