Page 4 of 43 results (0.008 seconds)

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-7453

https://notcve.org/view.php?id=CVE-2013-7453

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing. El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos de sitios cruzados (XSS) a través de un vector relacionado con la reparación de IU. • http://www.openwall.com/lists/oss-security/2016/04/20/11 https://nodesecurity.io/advisories/41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0

CVE-2015-8855

https://notcve.org/view.php?id=CVE-2015-8855

The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." El paquete semver en versiones anteriores a 4.3.2 para Node.js permite a atacantes provocar una denegación de servicio (consumo de CPU) a través de una cadena de versión larga, vulnerabilidad también conocida como "denegación de servicio de expresión regular (ReDoS)". • http://www.openwall.com/lists/oss-security/2016/04/20/11 http://www.securityfocus.com/bid/86957 https://nodesecurity.io/advisories/31 • CWE-399: Resource Management Errors •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-7452

https://notcve.org/view.php?id=CVE-2013-7452

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI. El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a través de una URI javascript manipulada. • http://www.openwall.com/lists/oss-security/2016/04/20/11 https://nodesecurity.io/advisories/41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

CVE-2013-7454

https://notcve.org/view.php?id=CVE-2013-7454

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings. El módulo validator en versiones anteriores a 1.1.0 para Node.js permite a atacantes remotos eludir el filtro de secuencias de comandos en sitios cruzados (XSS) a través de cadenas prohibidas anidadas. • http://www.openwall.com/lists/oss-security/2016/04/20/11 https://nodesecurity.io/advisories/41 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 98EXPL: 0

CVE-2016-5325 – nodejs: reason argument in ServerResponse#writeHead() not properly validated

https://notcve.org/view.php?id=CVE-2016-5325

CRLF injection vulnerability in the ServerResponse#writeHead function in Node.js 0.10.x before 0.10.47, 0.12.x before 0.12.16, 4.x before 4.6.0, and 6.x before 6.7.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the reason argument. Vulnerabilidad de inyección CRLF en la función ServerResponse#writeHead en Node.js 0.10.x en versiones anteriores a 0.10.47, 0.12.x en versiones anteriores a 0.12.16, 4.x en versiones anteriores a 4.6.0 y 6.x en versiones anteriores a 6.7.0 permite a atacantes remotos inyectar cabeceras HTTP arbitrarias y llevar a cabo ataques de separación de respuesta HTTP a través del argumento de la razón. It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially-crafted HTTP request. • http://lists.opensuse.org/opensuse-security-announce/2016-10/msg00013.html http://rhn.redhat.com/errata/RHSA-2017-0002.html http://www.securityfocus.com/bid/93483 https://access.redhat.com/errata/RHSA-2016:2101 https://github.com/nodejs/node/commit/c0f13e56a20f9bde5a67d873a7f9564487160762 https://nodejs.org/en/blog/vulnerability/september-2016-security-releases https://security.gentoo.org/glsa/201612-43 https://access.redhat.com/security/cve/CVE-2016-5325 https://bugzilla.redhat.com/show_bug • CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') •