CVE-2019-25084

LOW

hide_files_on_github < 3.0.0 - Cross-Site Scripting in options.js Event Listener

Title source: llm
STIX 2.1

Description

A vulnerability, which was classified as problematic, has been found in Hide Files on GitHub up to 2.x. This issue affects the function addEventListener of the file extension/options.js. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.0.0 is able to address this issue. The name of the patch is 9de0c57df81db1178e0e79431d462f6d9842742e. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216767.

References (5)

Core 5
Core References
Third Party Advisory vdb-entry technical-description
https://vuldb.com/?id.216767
Third Party Advisory signature permissions-required
https://vuldb.com/?ctiid.216767
Patch, Third Party Advisory issue-tracking
https://github.com/sindresorhus/hide-files-on-github/pull/73

Scores

CVSS v3 3.5
EPSS 0.0052
EPSS Percentile 40.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
hide_files_on_github_project/hide_files_on_github < 3.0.0
Published Dec 25, 2022
Tracked Since Feb 18, 2026