PT-2023-10166 · Unknown · Dart Http Server
Published
2023-04-10
·
Updated
2024-05-17
·
CVE-2014-125098
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Dart http server versions up to 0.9.5
Description
A issue was found in the Directory Listing Handler component, specifically in the
VirtualDirectory function of the lib/src/virtual directory.dart file. The manipulation of the request.uri.path argument leads to cross-site scripting. This issue can be exploited remotely.Recommendations
For Dart http server versions up to 0.9.5, upgrade to version 0.9.6 to address this issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dart Http Server