Moderate severityNVD Advisory· Published Jun 7, 2018· Updated Sep 17, 2024
CVE-2018-3726
CVE-2018-3726
Description
crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
crud-file-servernpm | < 0.8.0 | 0.8.0 |
Affected products
1- Range: Versions before 0.8.0
Patches
14155bfe068bfVulnerability mechanics
Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- github.com/advisories/GHSA-h24f-9mm4-w336ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-3726ghsaADVISORY
- github.com/omphalos/crud-file-server/commit/4155bfe068bf211b49a0b3ffd06e78cbaf1b40faghsax_refsource_MISCWEB
- hackerone.com/reports/311101ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/570ghsaWEB
News mentions
0No linked articles in our index yet.