A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| html-pages_project | html-pages | * |
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-35,CWE-22,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| html-pages_project | html-pages | 2.0.7 |