|
255521
|
6.1 |
MEDIUM
Network
|
punkave
|
sanitize-html
|
Sanitize-html is a library for scrubbing html input of malicious values. Versions 1.11.1 and below are vulnerable to cross site scripting (XSS) in certain scenarios: If allowed at least one nonTextTa…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16016
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255522
|
6.1 |
MEDIUM
Network
|
forms_project
|
forms
|
Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms m…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16015
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255523
|
7.5 |
HIGH
Network
|
http-proxy_project
|
http-proxy
|
Http-proxy is a proxying library. Because of the way errors are handled in versions before 0.7.0, an attacker that forces an error can crash the server, causing a denial of service.
|
CWE-388
7PK - Errors
|
CVE-2017-16014
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255524
|
7.5 |
HIGH
Network
|
hapijs
|
hapi
|
hapi is a web and services application framework. When hapi >= 15.0.0 <= 16.1.0 encounters a malformed `accept-encoding` header an uncaught exception is thrown. This may cause hapi to crash or to han…
|
CWE-20
Improper Input Validation
|
CVE-2017-16013
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255525
|
6.1 |
MEDIUM
Network
|
ag-grid
|
ag-grid
|
ag-grid is an advanced data grid that is library agnostic. ag-grid is vulnerable to Cross-site Scripting (XSS) via Angular Expressions, if AngularJS is used in combination with ag-grid.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16009
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255526
|
6.1 |
MEDIUM
Network
|
i18next
|
i18next
|
i18next is a language translation framework. Because of how the interpolation is implemented, making replacements from the dictionary one at a time, untrusted user input can use the name of one of th…
|
CWE-79
Cross-site Scripting
|
CVE-2017-16008
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255527
|
5.9 |
MEDIUM
Network
|
cisco
|
node-jose
|
node-jose is a JavaScript implementation of the JSON Object Signing and Encryption (JOSE) for current web browsers and node.js-based servers. node-jose earlier than version 0.9.3 is vulnerable to an …
|
NVD-CWE-noinfo
|
CVE-2017-16007
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255528
|
6.1 |
MEDIUM
Network
|
remarkable_project
|
remarkable
|
Remarkable is a markdown parser. In versions 1.6.2 and lower, remarkable allows the use of `data:` URIs in links and can therefore execute javascript.
|
CWE-79
Cross-site Scripting
|
CVE-2017-16006
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255529
|
7.5 |
HIGH
Network
|
joyent
|
http-signature
|
Http-signature is a "Reference implementation of Joyent's HTTP Signature Scheme". In versions <=0.9.11, http-signature signs only the header values, but not the header names. This makes http-signatur…
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2017-16005
|
2024-11-21 12:15 |
2018-06-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
255530
|
7.5 |
HIGH
Network
|
gaoxuyan_project
|
gaoxuyan
|
gaoxuyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.
|
CWE-22
Path Traversal
|
CVE-2017-16153
|
2024-11-21 12:15 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
