CVE-2018-19289 valine

Package

Manager: npm
Name: valine
Vulnerable Version: >=0 <1.3.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00427 (percentile: 0.61603)

Details

Valine HTML Injection

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

Metadata

Created: 2018-11-21T22:19:41Z
Modified: 2023-09-07T18:23:41Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-hhrp-qm88-xjr3/GHSA-hhrp-qm88-xjr3.json
CWE IDs: ["CWE-79"]
Alternative ID: GHSA-hhrp-qm88-xjr3
Finding: F008
Auto approve: 1