MEDIUM🇵🇱 Wersja polska

CVE-2018-16481

CVSS 6.1v3.0pub. 2019-02-01upd. 2024-11-21

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • Html Pages Project Html Pages

    APP
    Html-Pages Project
    ≤ 2.1.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2018-3744CRITICAL9.8ten sam produkt

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file ...