CVE-2018-16474
CVE-2018-16474
In short
The tianma-static module up to version 1.0.4 has a stored XSS vulnerability that lets attackers inject and execute malicious JavaScript code, which persists and affects all users who view the compromised content.
Technical detail
A stored cross-site scripting (XSS) vulnerability in tianma-static ≤1.0.4 allows attackers to inject arbitrary JavaScript that is permanently saved and executed in the browsers of users accessing the affected content. The vulnerability requires the ability to submit data that is stored and later rendered without proper sanitization.
Summary generated and translated by AI from the official description.
A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.
Affected products
npm · tianma-staticWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
https://hackerone.com/reports/403692