HTML Injection
Affecting valine package, ALL versions
medium severity
Overview
valine is a fast, simple & powerful comment system.
Affected versions of this package are vulnerable to HTML Injection. While uploading a PDF file, An attacker could inject a java script code.
Remediation
There is no fix version for valine.
References
Do your applications use this vulnerable package?
- Credit
- Unknown
- CVE
- CVE-2018-19289
- CWE
- CWE-80
- Snyk ID
- SNYK-JS-VALINE-72627
- Disclosed
- 15 Nov, 2018
- Published
- 22 Nov, 2018