npm package
vvvebjs
pkg:npm/vvvebjs
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-29272 | — | < 1.7.5 | 1.7.5 | Mar 22, 2024 | Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php. | ||
| CVE-2024-29271 | — | < 1.7.5 | 1.7.5 | Mar 22, 2024 | Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php. |
- CVE-2024-29272Mar 22, 2024affected < 1.7.5fixed 1.7.5
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.
- CVE-2024-29271Mar 22, 2024affected < 1.7.5fixed 1.7.5
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.