EPSS: 0.001 (Low), percentile 38.3%
buttle is vulnerable to cross-site scripting (XSS) attacks. The library does not sanitize filenames, allowing a malicious user to inject and execute arbitrary JavaScript using an iframe tag as a filename.
hackerone.com/bl4de
hackerone.com/reports/331110