CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Glance Project: >> Glance >> 3.0.5 Security Vulnerabilities

CVE-2022-25937

Versions of the package glance before 3.0.9 are vulnerable to Directory Traversal that allows users to read files outside the public root directory. This is related to but distinct from the vulnerability reported in [CVE-2018-3715](https://security.snyk.io/vuln/npm:glance:20180129).

CVSS Score

6.5

EPSS Score

0.002

Published

2023-02-13

CVE-2018-3748

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.

CVSS Score

6.1

EPSS Score

0.003

Published

2018-07-03

Page 1

Vulnerabilities

Vulnerable Software

Glance Project: >> Glance >> 3.0.5 Security Vulnerabilities

Products

Pricing

Contact Us