Bl4De

**Name of the Vulnerable Software and Affected Versions** Concrete CMS versions through 8.5.5 **Description** An issue in Concrete CMS allows Stored XSS to occur in Conversations when the Active Conversation Editor is set to Rich Text. **Recommendations** For versions through 8.5.5, update to a version that contains a fix for this issue to prevent Stored XSS in Conversations. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** servey versions prior to 3.3.2 **Description** A path traversal issue allows an attacker to read the content of any arbitrary file. **Recommendations** For servey versions prior to 3.3.2, update to version 3.3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** buttle version 0.2.0 buttle versions prior to a fixed version (no fixed version specified) **Description** The issue allows execution of attacker-provided code in the victim's browser. This occurs when an attacker creates an arbitrary file on the server, exploiting the failure to sanitize filenames. This enables attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. **Recommendations** For buttle version 0.2.0, consider using an alternative package until a fix is made available. For buttle versions prior to a fixed version, consider using an alternative package until a fix is made available.

**Name of the Vulnerable Software and Affected Versions** exceljs versions prior to 1.6.0 **Description** The issue is related to an unescaped payload in exceljs, allowing a possible cross-site scripting (XSS) attack via cell value when a worksheet is displayed in a browser. This is due to exceljs not validating data from parsed XLSX files and embedding HTML tags, like <script>, directly into sheet cells, making it possible to inject malicious JavaScript code and execute it when data from the sheet is displayed in the browser. **Recommendations** Update to version 1.6.0 or later. As a temporary workaround, consider restricting the display of potentially malicious Excel files in browsers until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** statics-server versions 0.0.0 through 0.0.9 **Description** The issue is related to a Cross-Site Scripting (XSS) vulnerability. It occurs when statics-server displays a directory index in the browser and an attacker injects an iframe in the filename. The statics-server does not implement HTML escaping when displaying the directory index, allowing an attacker to embed an HTML iframe tag with a src attribute pointing to another HTML file in the directory. This file can contain malicious JavaScript code that will be executed. The variable `v` is used in the `<a href>` element without escaping, which enables the embedding of the HTML `<iframe>` tag. **Recommendations** For statics-server versions 0.0.0 through 0.0.9, consider disabling the directory index display feature in the browser until a patch is available. Restrict access to the directory index to minimize the risk of exploitation. Avoid using the variable `v` in the `<a href>` element without proper escaping to prevent the embedding of malicious HTML code.

**Name of the Vulnerable Software and Affected Versions** query-mysql versions 0.0.0 through 0.0.2 query-mysql (all versions) **Description** The issue is related to a lack of user input sanitization, which may allow an attacker to run arbitrary SQL queries when fetching data from the database. This is due to an SQL injection vulnerability. **Recommendations** For versions 0.0.0 through 0.0.2, consider avoiding the use of this module if user input is passed into it, as no fix is currently available for this vulnerability. For all versions, it is recommended to not install or use this module if user input is passed into it, due to the lack of a fix for the SQL injection vulnerability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** glance versions <= 3.0.5 glance versions prior to 3.0.8 **Description** The issue concerns a Stored XSS vulnerability. It allows an attacker to execute JavaScript code against any user who opens a directory listing containing a crafted file name with malicious HTML, such as an embedded iframe element or a javascript: pseudo-protocol handler in an <a> element. This is only exploitable if the attacker can control the name of a file served by the glance package. **Recommendations** For glance versions <= 3.0.5, update to version 3.0.8 or later. For glance versions prior to 3.0.8, update to version 3.0.8 or later. As a temporary workaround, consider restricting access to directory listings that may contain crafted file names until a patch is available.

**Name of the Vulnerable Software and Affected Versions** public versions prior to 0.1.4 public versions <= 1.0.3 **Description** The issue allows embedding HTML in file names, which under certain conditions might lead to the execution of malicious JavaScript. This is due to the failure to sanitize filenames, enabling attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. **Recommendations** For public versions prior to 0.1.4, upgrade to version 0.1.4 or later. For public versions <= 1.0.3, upgrade to a version later than 1.0.3.

**Name of the Vulnerable Software and Affected Versions** crud-file-server versions prior to 0.8.0 **Description** The issue is related to a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. This is due to insufficient sanitization of filenames when the directory index is served. **Recommendations** Update to version 0.8.0 or later.

**Name of the Vulnerable Software and Affected Versions** localhost-now versions prior to 1.0.2 **Description** The issue arises from a lack of validation of file paths, allowing a malicious user to read the content of any file with a known path. This can be exploited by a remote attacker to read arbitrary files. **Recommendations** Update to version 1.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** mcstatic versions all **Description** The mcstatic node module has a Path Traversal issue due to the lack of validation of the `filePath`, allowing a malicious user to read the content of any file with a known path. **Recommendations** For all versions, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** public versions prior to 0.1.3 **Description** The issue arises from a lack of validation of the `filePath`, allowing a malicious user to read the content of any file with a known path due to a Path Traversal vulnerability. This is caused by insufficient file path sanitization, which could lead to any file the parent process has access to on the server being read by a malicious user. **Recommendations** Update to version 0.1.3 or later. As a temporary workaround, consider restricting access to sensitive files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** bracket-template (affected versions not specified) **Description** The issue is related to reflected XSS, which can occur when a variable passed via a GET parameter is used in a template. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** serve versions prior to 6.4.9 **Description** The issue arises from the software's failure to properly handle `%2e` (.) and `%2f` (/) characters in paths, allowing a malicious user to traverse the directory tree and list the contents of any directory the user running the process has access to. This vulnerability only allows listing of directory contents and does not allow reading of arbitrary files. **Recommendations** Update to version 6.4.9 or later.

**Name of the Vulnerable Software and Affected Versions** connect node module versions prior to 2.14.0 **Description** The issue is related to a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of a file in the directory.js middleware. This allows for potential exploitation. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this issue was exploited. **Recommendations** For versions prior to 2.14.0, update to version 2.14.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the directory.js middleware until a patch is available.

**Name of the Vulnerable Software and Affected Versions** general-file-server versions all **Description** The general-file-server node module has a Path Traversal issue due to the lack of validation of `currpath`, allowing a malicious user to read the content of any file with a known path. **Recommendations** For all versions, there is no information about a newer version that contains a fix for this issue. As a temporary workaround, consider restricting access to sensitive files until a patch is available. Avoid using the `general-file-server` module until a fix has been provided.

**Name of the Vulnerable Software and Affected Versions** hekto versions prior to 0.2.3 **Description** The hekto node module has a Path Traversal issue due to inadequate validation of file paths, allowing a malicious user to read the content of any file with a known path. This enables a remote attacker to read the content of arbitrary files. **Recommendations** Update to version 0.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** glance versions prior to 3.0.4 **Description** The issue is related to a Path Traversal vulnerability due to the lack of validation of the path passed to the glance node module. This allows a malicious user to read the content of any file with a known path. **Recommendations** Update to version 3.0.4 or later.

**Name of the Vulnerable Software and Affected Versions** angular-http-server versions prior to 1.6.0 **Description** The angular-http-server node module has a Path Traversal issue due to the lack of validation of the `possibleFilename` variable, allowing a malicious user to read the content of any file with a known path. This enables a remote attacker to read files from the server that uses angular-http-server. **Recommendations** Update to version 1.6.0 or later.

**Name of the Vulnerable Software and Affected Versions** Simplehttpserver versions prior to 0.1.0 **Description** The issue arises from a lack of validation of file names, leading to a Cross-Site Scripting vulnerability. An attacker can exploit this by controlling the filename of a file used in the directory listing output. **Recommendations** For versions prior to 0.1.0, update to version 0.1.0 to resolve the issue. As a temporary workaround, consider restricting access to the directory listing output to minimize the risk of exploitation. Avoid using user-controlled filenames in the directory listing until the issue is resolved.