Medium severity6.1NVD Advisory· Published Jun 7, 2018· Updated Jun 17, 2026
CVE-2018-3726
CVE-2018-3726
Description
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
crud-file-servernpm | < 0.8.0 | 0.8.0 |
Affected products
2- Range: Versions before 0.8.0
Patches
Vulnerability mechanics
References
5- github.com/omphalos/crud-file-server/commit/4155bfe068bf211b49a0b3ffd06e78cbaf1b40fanvdPatchThird Party AdvisoryWEB
- hackerone.com/reports/311101nvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-h24f-9mm4-w336ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3726ghsaADVISORY
- www.npmjs.com/advisories/570ghsaWEB
News mentions
0No linked articles in our index yet.