Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, and application crashes due to missing input validation of host names returned by Domain Name Servers in the Node.js dns library, which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library.
Max CVSS: 9.8 | EPSS Score: 1.53% | Published: 2021-08-16 | Updated: 2024-01-05
A flaw was found in the c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames, which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.
Max CVSS: 6.8 | EPSS Score: 0.16% | Published: 2021-11-23 | Updated: 2024-01-05
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
Max CVSS: 6.1 | EPSS Score: 0.21% | Published: 2017-01-23 | Updated: 2017-03-29
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2017-01-23 | Updated: 2017-01-24
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2017-01-23 | Updated: 2017-01-24
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
Max CVSS: 6.1 | EPSS Score: 0.08% | Published: 2017-01-23 | Updated: 2017-01-24
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the XSS filter via a nested tag.
Max CVSS: 6.1 | EPSS Score: 0.10% | Published: 2017-01-23 | Updated: 2017-01-24
7 vulnerabilities found