Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nodejs_ bl4deNODEJS:585
HistoryApr 24, 2018 - 3:31 p.m.

Stored Cross-Site Scripting

2018-04-2415:31:39
_ bl4de
www.npmjs.com
170

EPSS

0.001

Percentile

23.8%

JSON

Overview

All versions of simplehttpserver are vulnerable to stored cross-site scripting (XSS). To be exploited an attacker needs to control the filename of a file that is used in the directory listing output.

Recommendation

No fix is currently available for this vulnerability. It is our recommendation to not use this module if the exploitable conditions are met.

References

Related

github 1
hackerone 1
veracode 1
nvd 1
prion 1
cve 1
osv 1
cvelist 1
github
github
Stored Cross-Site Scripting in simplehttpserver
2018-07-26 15:03:30
hackerone
hackerone
Node.js third-party modules: [simplehttpserver] Stored XSS in file names leads to malicious JavaScript code execution when directory listing is output in HTML
2018-01-26 22:06:10
veracode
veracode
Cross-site Scripting (XSS)
2018-03-08 08:05:49
nvd
nvd
CVE-2018-3716
2018-06-07 02:29:08
prion
prion
Cross site scripting
2018-06-07 02:29:00
cve
cve
CVE-2018-3716
2018-06-07 02:29:08
osv
osv
Stored Cross-Site Scripting in simplehttpserver
2018-07-26 15:03:30
cvelist
cvelist
CVE-2018-3716
2018-06-07 02:00:00

EPSS

0.001

Percentile

23.8%

JSON
Related for NODEJS:585
github1hackerone1veracode1nvd1prion1cve1osv1cvelist1