generator-hottowel 404 Error _app.js cross site scripting
Description
A vulnerability, which was classified as problematic, was found in generator-hottowel 0.0.11. Affected is an unknown function of the file app/templates/src/server/_app.js of the component 404 Error Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is c17092fd4103143a9ddab93c8983ace8bf174396. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-221484.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
generator-hottowelnpm | < 0.5.0 | 0.5.0 |
Affected products
2- generator-hottowel/generator-hottoweldescription
Patches
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
6- github.com/johnpapa/generator-hottowel/commit/c17092fd4103143a9ddab93c8983ace8bf174396ghsapatchWEB
- github.com/advisories/GHSA-f8hv-rx9p-f9r4ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-15025ghsaADVISORY
- github.com/johnpapa/generator-hottowel/pull/174ghsaissue-trackingWEB
- vuldb.comghsasignaturepermissions-requiredWEB
- vuldb.comghsavdb-entrytechnical-descriptionWEB
News mentions
0No linked articles in our index yet.