CVE-2013-7371Cross-site Scripting in Node-connect

CWE-79Cross-site Scripting6 documents5 sources
Severity
6.1MEDIUMNVD
EPSS
0.6%
top 31.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Node-connectSencha ConnectAdobe Connect+1 more
Timeline
PublishedDec 11
Latest updateMay 5

Description

node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

NVDsencha/connect< 2.8.2
CVEListV5node-connect/node-connect< 2.8.2
Ubuntunode-connect/node-connect< 3.3.0-1
npmadobe/connect< 2.8.2

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

Patch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

4
GHSA
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware2022-05-05
OSV
Node Connect Reflected Cross-Site Scripting in Sencha Labs Connect middleware2022-05-05
OSV
CVE-2013-7371: node-connects before 22019-12-11
CVEList
CVE-2013-7371: node-connects before 22019-12-11

📋Vendor Advisories

1
Debian
CVE-2013-7371: node-connect - node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middl...2013
CVE-2013-7371 — Cross-site Scripting in Node-connect | cvebase