HTML Injection
Affecting valine package, ALL versions
Overview
valine is a fast, simple & powerful comment system.
Affected versions of this package are vulnerable to HTML Injection. While uploading a PDF file, an attacker could inject JavaScript code.
Remediation
There is no fixed version for valine.
CVSS Score
5.9 (medium severity)
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
- Credit: Unknown
- CVE: CVE-2018-19289
- CWE: CWE-80
- Snyk ID: SNYK-JS-VALINE-72627
- Disclosed: 15 Nov, 2018
- Published: 22 Nov, 2018