CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-16480

A XSS vulnerability was found in module public <0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 36.1%

CVSS Severity

CVSS v3 Score 6.1

CVSS v2 Score 4.3

References

https://hackerone.com/reports/329950
https://www.npmjs.com/package/public
https://hackerone.com/reports/329950
https://www.npmjs.com/package/public

Products affected by CVE-2018-16480

Public Project » Public » Version: 0.1.0

cpe:2.3:a:public_project:public:0.1.0
Public Project » Public » Version: 0.1.1

cpe:2.3:a:public_project:public:0.1.1
Public Project » Public » Version: 0.1.2

cpe:2.3:a:public_project:public:0.1.2
Public Project » Public » Version: 0.1.3

cpe:2.3:a:public_project:public:0.1.3

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-16480

Products

Pricing

Contact Us