github.com/dutchcoders/transfer.sh is vulnerable to cross-site scripting(XSS) attacks. The library is unable to determine the content type of the file inserted through ContentType
metadata, which allows an attacker to inject and execute malicious javascript on victim’s browser.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/dutchcoders/transfer.sh | le | v1.4.0 | |
github.com/dutchcoders/transfer.sh | le | v1.4.0 |