Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
f5F5F5:K30110324
HistoryOct 16, 2018 - 12:00 a.m.

K30110324 : Multiple Node.js vulnerabilities

2018-10-1600:00:00
my.f5.com
19

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

64.5%

JSON

Security Advisory Description

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.

The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a “regular expression denial of service (ReDoS).”

Impact

There is no impact; F5 products are not affected by this vulnerability.

Related

nodejs 3
github 6
cve 6
nvd 6
ubuntucve 6
prion 6
debiancve 6
cvelist 6
osv 7
veracode 3
nessus 1
openvas 1
ubuntu 1
ibm 3
nodejs
nodejs
Multiple XSS Filter Bypasses
2015-10-17 19:41:46
XSS Filter Bypass via Encoded URL
2015-10-17 19:41:46
Regular Expression Denial of Service
2015-10-17 19:41:46
github
github
Moderate severity vulnerability that affects validator
2017-10-24 18:33:36
Multiple XSS Filter Bypasses in validator
2017-10-24 18:33:36
Moderate severity vulnerability that affects validator
2017-10-24 18:33:36
cve
cve
CVE-2013-7451
2017-01-23 21:59:00
CVE-2015-8855
2017-01-23 21:59:00
CVE-2013-7452
2017-01-23 21:59:00
nvd
nvd
CVE-2013-7452
2017-01-23 21:59:00
CVE-2013-7451
2017-01-23 21:59:00
CVE-2013-7453
2017-01-23 21:59:00
ubuntucve
ubuntucve
CVE-2013-7451
2017-01-23 00:00:00
CVE-2015-8855
2017-01-23 00:00:00
CVE-2013-7452
2017-01-23 00:00:00
prion
prion
Design/Logic Flaw
2017-01-23 21:59:00
Cross site scripting
2017-01-23 21:59:00
Cross site scripting
2017-01-23 21:59:00
debiancve
debiancve
CVE-2013-7451
2017-01-23 21:59:00
CVE-2013-7452
2017-01-23 21:59:00
CVE-2015-8855
2017-01-23 21:59:00
cvelist
cvelist
CVE-2015-8855
2017-01-23 21:00:00
CVE-2013-7451
2017-01-23 21:00:00
CVE-2013-7452
2017-01-23 21:00:00
osv
osv
Multiple XSS Filter Bypasses in validator
2017-10-24 18:33:36
Moderate severity vulnerability that affects validator
2017-10-24 18:33:36
Moderate severity vulnerability that affects validator
2017-10-24 18:33:36
veracode
veracode
Cross-Site Scripting (XSS)
2018-11-20 01:23:35
Cross-Site Scripting (XSS)
2018-11-19 05:28:55
Cross-Site Scripting (XSS)
2018-11-20 01:19:35
nessus
nessus
Ubuntu 16.04 ESM : semver vulnerability (USN-4776-1)
2023-10-23 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-4776-1)
2023-01-27 00:00:00
ubuntu
ubuntu
semver vulnerability
2021-03-15 00:00:00
ibm
ibm
Security Bulletin: Current Releases of IBM® SDK for Node.js™ are affected by CVE-2015-8855
2018-08-09 04:20:36
Security Bulletin: Vulnerabilities in OpenSSL and ReDoS vulnerability in semver module affect IBM® SDK for Node.js™ in IBM Bluemix (CVE-2016-2107, CVE-2016-2105, CVE-2015-8855)
2018-08-09 04:20:36
Security Bulletin: IBM Watson Machine Learning Accelerator on Cloud Pak for Data is vulnerable to multiple vulnerabilities
2023-12-12 17:28:22

AI Score

6.2

Confidence

High

EPSS

0.002

Percentile

64.5%

JSON
Related for F5:K30110324
nodejs3github6cve6nvd6ubuntucve6prion6debiancve6cvelist6osv7veracode3nessus1openvas1ubuntu1ibm3