CVE-2016-10548
N/A
N/A
Summary
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | reduce-css-calc node module | <=1.2.4 | affected |
Weaknesses
- CWE-94: Code Injection (CWE-94)
ADP Enrichment
CVE Program Container
Additional References
- https://gist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9
- https://nodesecurity.io/advisories/144
References
- https://gist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9
- https://nodesecurity.io/advisories/144
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.