MidnightBSD

Advisories for html-pages_project

CVE-2018-16481 MEDIUM

A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,CWE-79,

Products Affected

Vendor Product Version
html-pages_project html-pages *
CVE-2018-3744 MEDIUM

The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-35,CWE-22,

Products Affected

Vendor Product Version
html-pages_project html-pages 2.0.7