CVE-2019-25084
LOW
hide_files_on_github < 3.0.0 - Cross-Site Scripting in options.js Event Listener
Title source: llm
Description
A vulnerability classified as problematic has been found in Hide Files on GitHub up to 2.x. It affects the function addEventListener in the file extension/options.js. Manipulation leads to cross-site scripting, and the attack may be initiated remotely. Upgrading to version 3.0.0 addresses this issue. The patch is identified as 9de0c57df81db1178e0e79431d462f6d9842742e. Upgrading the affected component is recommended. The associated identifier of this vulnerability is VDB-216767.
References (5)
Core References
Third Party Advisory vdb-entry
technical-description
https://vuldb.com/?id.216767
Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.216767
Patch, Third Party Advisory issue-tracking
https://github.com/sindresorhus/hide-files-on-github/pull/73
Patch, Third Party Advisory patch
https://github.com/sindresorhus/hide-files-on-github/commit/9de0c57df81db1178e0e79431d462f6d9842742e
Release Notes, Third Party Advisory patch
https://github.com/sindresorhus/hide-files-on-github/releases/tag/3.0.0
Scores
CVSS v3
3.5
EPSS
0.0052
EPSS Percentile
40.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
hide_files_on_github_project/hide_files_on_github
< 3.0.0
Published
Dec 25, 2022
Tracked Since
Feb 18, 2026