GHSA-h24f-9mm4-w336

GitHub Security Advisory

Cross-site Scripting (XSS) - Stored in crud-file-server

✓ GitHub Reviewed MODERATE Has CVE

Advisory Details

Versions of `crud-file-server` before 0.8.0 are vulnerable to stored cross-site scripting (XSS). This is due to insufficient sanitization of filenames when a directory index is served by `crud-file-server`.

## Recommendation

Update to version 0.8.0 or later.
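
The advisory does not show the affected code. As an added illustration (not `crud-file-server`'s code or its 0.8.0 fix), the following hypothetical directory-index renderer puts the weak form, which writes filenames into the page unescaped, next to a hardened one. The function names and sample filenames are constructed for this example.

```javascript
// Added example: hypothetical directory-index renderer, not crud-file-server's code.

// Escape the five characters that are significant in HTML text and quoted attributes.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Weak form: the filename is concatenated into the markup as-is, so a file
// whose name contains markup changes the structure of the index page.
function renderIndexUnsafe(dirUrl, names) {
  const rows = names.map((n) => `<li><a href="${dirUrl}${n}">${n}</a></li>`);
  return `<ul>\n${rows.join("\n")}\n</ul>`;
}

// Hardened form: percent-encode the name for the URL path segment, then
// HTML-escape both the attribute value and the visible link text.
function renderIndexSafe(dirUrl, names) {
  const rows = names.map((n) => {
    const href = escapeHtml(dirUrl + encodeURIComponent(n));
    return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
  });
  return `<ul>\n${rows.join("\n")}\n</ul>`;
}

// Constructed sample listing: one ordinary name, one name containing markup.
const sampleNames = ["report.txt", '"><img src=x onerror=alert(1)>.txt'];

console.log(renderIndexUnsafe("/files/", sampleNames));
console.log(renderIndexSafe("/files/", sampleNames));
```

Because the filename is stored on the server and rendered for every later visitor to the directory, the escaping has to happen at render time regardless of how the file was uploaded.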

Affected Packages

npm crud-file-server
Affected versions: 0 (fixed in 0.8.0)

Related CVEs

Key Information

GHSA ID: GHSA-h24f-9mm4-w336
Published: July 18, 2018 6:34 PM
Last Modified: January 31, 2023 1:54 AM
CVSS Score: 5.0/10
Primary Ecosystem: npm
Primary Package: crud-file-server
GitHub Reviewed: ✓ Yes

Dataset

Last updated: August 30, 2025 6:32 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.