CVE-2013-7370 — Cross-site Scripting in Node-connect

CWE-79 — Cross-site Scripting9 documents7 sources

Severity

6.1MEDIUMNVD

EPSS

1.1%

top 22.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Node-connect Sencha Connect Adobe Connect +3 more

Timeline

PublishedDec 11

Latest updateMay 5

Description

node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages6 packages

▶NVDsencha/connect< 2.8.1

▶CVEListV5node-connect/node-connect< 2.8.2

▶Debiannode-connect/node-connect< 3.0.0-1+3

▶npmadobe/connect< 2.8.1

▶NVDredhat/openshift2.0

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗

🔴Vulnerability Details

GHSA

Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware↗2022-05-05

▶

GHSA

methodOverride Middleware Reflected Cross-Site Scripting in connect↗2020-08-31

▶

OSV

methodOverride Middleware Reflected Cross-Site Scripting in connect↗2020-08-31

▶

CVEList

CVE-2013-7370: node-connect before 2↗2019-12-11

▶

OSV

CVE-2013-7370: node-connect before 2↗2019-12-11

▶

📋Vendor Advisories

Red Hat

nodejs-connect: XSS via HTTP request with a crafted method containing JavaScript↗2013-07-01

▶

Debian

CVE-2013-7370: node-connect - node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware↗2013

▶

💬Community

Bugzilla

CVE-2013-7370 nodejs-connect: XSS via HTTP request with a crafted method containing JavaScript↗2014-04-25

▶