CVE-2017-16043
N/A
N/A
Summary
Shout is an IRC client. Because the /topic command in messages is unescaped, attackers have the ability to inject HTML scripts that will run in the victim's browser. Affects shout >=0.44.0 <=0.49.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | shout node module | >=0.44.0 <=0.49.3 | affected |
Weaknesses
- CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) (CWE-80)
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.