CVE-2019-12313

MEDIUM

Shave < 2.5.3 - Cross-Site Scripting via HTML Element Overwrite

Title source: llm
STIX 2.1

Description

XSS exists in Shave before 2.5.3 because output encoding is mishandled during the overwrite of an HTML element.

Scores

CVSS v3 6.1
EPSS 0.0126
EPSS Percentile 66.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
dollarshaveclub/shave < 2.5.3
npm/shave 0 - 2.5.3npm
Published May 24, 2019
Tracked Since Feb 18, 2026