CVE-2013-7451

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
6.1MEDIUM
EPSS
0.6%
top 31.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nodejs Node.js
Timeline
PublishedJan 23
Latest updateOct 24

Description

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

npmvalidator< 1.1.0
Ubuntuvalidator.js< 3.17.0+dfsg1-1
NVDnodejs/node.js1.0.4

🔴Vulnerability Details

4
GHSA
Moderate severity vulnerability that affects validator2017-10-24
OSV
Moderate severity vulnerability that affects validator2017-10-24
OSV
CVE-2013-7451: The validator module before 12017-01-23
CVEList
CVE-2013-7451: The validator module before 12017-01-23
CVE-2013-7451 (MEDIUM CVSS 6.1) | The validator module before 1.1.0 f | cvebase.io