|
253131
|
6.1 |
MEDIUM
Network
|
morris.js_project
|
morris.js
|
Morris.js creates an svg graph, with labels that appear when hovering over a point. The hovering label names are not escaped in versions 0.5.0 and earlier. If control over the labels is obtained, scr…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16022
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253132
|
6.5 |
MEDIUM
Network
|
garycourt
|
uri-js
|
uri-js is a module that tries to fully implement RFC 3986. One of these features is validating whether or not a supplied URL is valid or not. To do this, uri-js uses a regular expression, This regula…
|
CWE-1333
Inefficient Regular Expression Complexity
|
CVE-2017-16021
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253133
|
9.8 |
CRITICAL
Network
|
summit_project
|
summit
|
Summit is a node web framework. When using the PouchDB driver in the module, Summit 0.1.0 and later allows an attacker to execute arbitrary commands via the collection name.
|
CWE-94
Code Injection
|
CVE-2017-16020
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253134
|
6.1 |
MEDIUM
Network
|
gitbook
|
gitbook
|
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16019
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253135
|
6.1 |
MEDIUM
Network
|
restify
|
restify
|
Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16018
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253136
|
6.1 |
MEDIUM
Network
|
punkave
|
sanitize-html
|
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16017
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253137
|
6.1 |
MEDIUM
Network
|
punkave
|
sanitize-html
|
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16016
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253138
|
6.1 |
MEDIUM
Network
|
forms_project
|
forms
|
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms m…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16015
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253139
|
7.5 |
HIGH
Network
|
http-proxy_project
|
http-proxy
|
Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
|
CWE-388
7PK - Errors
|
CVE-2017-16014
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
253140
|
7.5 |
HIGH
Network
|
hapijs
|
hapi
|
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to han…
|
CWE-20
Improper Input Validation
|
CVE-2017-16013
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
