npm package
html-pages
pkg:npm/html-pages
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-16481 | — | <= 3.1.0 | — | Feb 1, 2019 | A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering. | ||
| CVE-2018-3744 | — | <= 2.1.2 | — | May 29, 2018 | The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL. |
- CVE-2018-16481Feb 1, 2019affected <= 3.1.0
A XSS vulnerability was found in html-page <=2.1.1 that allows malicious Javascript code to be executed in the user's browser due to the absence of sanitization of the paths before rendering.
- CVE-2018-3744May 29, 2018affected <= 2.1.2
The html-pages node module contains a path traversal vulnerabilities that allows an attacker to read any file from the server with cURL.