CVE-2017-16043

Summary

Shout is an IRC client. Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.

Affected Software

VendorProductVersion RangeStatus
HackerOneshout node module>=0.44.0 <=0.49.3affected

Weaknesses

  • CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)

ADP Enrichment

CVE Program Container

Additional References

References