XSS Vulnerability in html-page by Rishabh Verma
CVE-2018-16481

6.1MEDIUM

Key Information:

Vendor: Hackerone
Status: Html-pages
Vendor: CVE Published:; 1 February 2019

What is CVE-2018-16481?

A Cross-Site Scripting (XSS) vulnerability exists in the html-page product, which allows malicious JavaScript code to be executed in a user's browser. This flaw is due to inadequate sanitization of paths before rendering, potentially enabling attackers to inject harmful scripts. Users of html-page versions less than or equal to 2.1.1 are particularly at risk, as the vulnerability could lead to unauthorized actions or data exposure when visiting affected pages.

Affected Version(s)

html-pages <=2.1.1

References

https://hackerone.com/reports/330356

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 1, 2019
Vulnerability Reserved
Sep 4, 2018

Hackerone

What is CVE-2018-16481?

Affected Version(s)

References

CVSS V3.1

Timeline