Vulnerabilities/

Cross-Site Scripting in html-pages

Severity:
Medium

Description

All versions of html-pages are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize folder names, allowing attackers to execute arbitrary JavaScript in the victim’s browser through folders with names containing malicious code.

Recommendation

No fix is available yet. Followings are affected versions:

References

Related Issues

Tags:
npm
html-pages
Anything's wrong? Let us know Last updated on September 12, 2023

This issue is available in SmartScanner Professional

See Pricing