Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-16484

UNKNOWN
Published 2019-02-01T18:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-16484. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

A XSS vulnerability was found in module m-server <1.4.2 that allows malicious Javascript code or HTML to be executed, due to the lack of escaping for special characters in folder names.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

m-server

Affected Versions:

<1.4.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cross-Site Scripting in m-server

GHSA-gmxv-xf2q-6j8m

Advisory Details

Versions of `m-server` before 1.4.2 are vulnerable to stored cross-site scripting. This vulnerability is exploitable if an attacker is able to control the name of a file that `m-server` is serving. ## Recommendation Update to version 1.4.2 or later.

Affected Packages

npm m-server
ECOSYSTEM: ≥0 <1.4.2

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-16484
WEB https://hackerone.com/reports/319794
ADVISORY https://github.com/advisories/GHSA-gmxv-xf2q-6j8m
WEB https://github.com/nodejs/security-wg/blob/master/vuln/npm/467.json
WEB https://www.npmjs.com/advisories/729

Advisory provided by GitHub Security Advisory Database. Published: February 7, 2019, Modified: September 13, 2023

References

https://hackerone.com/reports/319794
Published: 2019-02-01T18:00:00
Last Modified: 2024-08-05T10:24:32.703Z
Copied to clipboard!