CVE-2018-3716

MEDIUM

Simplehttpserver < 0.1.0 - XSS

Title source: rule

Description

simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names.

Exploits (1)

github NO CODE
by bl4de · poc
https://github.com/bl4de/CVEs/tree/master/CVE-2018-3716

References (1)

Scores

CVSS v3 5.4
EPSS 0.0022
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
npm/simplehttpserver 0 - 0.1.0npm
simplehttpserver_project/simplehttpserver
Published Jun 07, 2018
Tracked Since Feb 18, 2026