Openjsf: Security Vulnerabilities
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-09
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-01-23
Page 2