Vulnerability Details CVE-2018-12519
An issue was discovered in ShopNx through 2017-11-17. The vulnerability allows a remote attacker to upload any malicious file to a Node.js application. An attacker can upload a malicious HTML file that contains a JavaScript payload to steal a user's credentials.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.0
References