|
252381
|
6.1 |
MEDIUM
Network
|
gitbook
|
gitbook
|
GitBook is a command line tool (and Node.js library) for building beautiful books using GitHub/Git and Markdown (or AsciiDoc). Stored Cross-Site-Scripting (XSS) is possible in GitBook before 3.2.2 by…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16019
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252382
|
6.1 |
MEDIUM
Network
|
restify
|
restify
|
Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16018
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252383
|
6.1 |
MEDIUM
Network
|
punkave
|
sanitize-html
|
sanitize-html is a library for scrubbing html input for malicious values Versions 1.2.2 and below have a cross site scripting vulnerability.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16017
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252384
|
6.1 |
MEDIUM
Network
|
punkave
|
sanitize-html
|
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16016
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252385
|
6.1 |
MEDIUM
Network
|
forms_project
|
forms
|
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms m…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16015
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252386
|
7.5 |
HIGH
Network
|
http-proxy_project
|
http-proxy
|
Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
|
CWE-388
7PK - Errors
|
CVE-2017-16014
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252387
|
7.5 |
HIGH
Network
|
hapijs
|
hapi
|
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to han…
|
CWE-20
Improper Input Validation
|
CVE-2017-16013
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252388
|
6.1 |
MEDIUM
Network
|
ag-grid
|
ag-grid
|
ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16009
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252389
|
6.1 |
MEDIUM
Network
|
i18next
|
i18next
|
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16008
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
252390
|
5.9 |
MEDIUM
Network
|
cisco
|
node-jose
|
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an …
|
NVD-CWE-noinfo
|
CVE-2017-16007
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
