CVE-2018-3726
N/A
N/A
Summary
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HackerOne | crud-file-server node module | Versions before 0.8.0 | affected |
Weaknesses
- CWE-79: Cross-site Scripting (XSS) - Generic (CWE-79)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/311101
- https://github.com/omphalos/crud-file-server/commit/4155bfe068bf211b49a0b3ffd06e78cbaf1b40fa
References
- https://hackerone.com/reports/311101
- https://github.com/omphalos/crud-file-server/commit/4155bfe068bf211b49a0b3ffd06e78cbaf1b40fa
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.