CVE-2013-7454

CWE-79Cross-site Scripting (XSS)5 documents4 sources
Severity
6.1MEDIUM
EPSS
0.5%
top 34.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nodejs Node.js
Timeline
PublishedJan 23
Latest updateOct 24

Description

The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages3 packages

npmvalidator< 1.1.0
Ubuntuvalidator.js< 3.17.0+dfsg1-1
NVDnodejs/node.js1.0.4

🔴Vulnerability Details

4
GHSA
Multiple XSS Filter Bypasses in validator2017-10-24
OSV
Multiple XSS Filter Bypasses in validator2017-10-24
CVEList
CVE-2013-7454: The validator module before 12017-01-23
OSV
CVE-2013-7454: The validator module before 12017-01-23
CVE-2013-7454 (MEDIUM CVSS 6.1) | The validator module before 1.1.0 f | cvebase.io