Cross-Site Scripting Vulnerability in SimpleHTTPServer Node Module
CVE-2018-3716

5.4MEDIUM

Key Information:

Vendor: Hackerone
Status: Simplehttpserver Node Module
Vendor: CVE Published:; 7 June 2018

What is CVE-2018-3716?

The SimpleHTTPServer node module is susceptible to a Cross-Site Scripting (XSS) attack due to inadequate validation of file names. This vulnerability can allow attackers to execute malicious scripts in the context of a victim's web browser, potentially compromising sensitive user data. Proper input validation and sanitization measures are critical to mitigate such threats.

Affected Version(s)

simplehttpserver node module All versions

References

https://hackerone.com/reports/309648

x_refsource_MISC

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 7, 2018
Vulnerability Reserved
Dec 28, 2017

Hackerone

What is CVE-2018-3716?

Affected Version(s)

References

CVSS V3.1

Timeline