PT-2019-9305 · Unknown+1 · Html-Pages

Tungpun

Published

2019-02-01

Updated

2019-10-09

CVE-2018-16481

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions html-page versions prior to 2.1.1 html-pages (affected versions not specified)

Description A Cross-Site Scripting (XSS) issue was discovered, allowing malicious JavaScript code to be executed in the user's browser due to the lack of sanitization of folder names and paths before rendering. This enables attackers to execute arbitrary JavaScript in the victim's browser through folders with names containing malicious code.

Recommendations For html-page versions prior to 2.1.1, consider using an alternative package until a fix is made available. For html-pages, consider using an alternative package until a fix is made available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-64CWE-79

Related Identifiers

CVE-2018-16481

GHSA-5P26-HW7F-3CPR

Affected Products

Html-Pages

PT-2019-9305 · Unknown+1 · Html-Pages

CVE-2018-16481

Weakness Enumeration

Related Identifiers

Affected Products

References · 5