Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-16474 Vulnerability in npm package tianma-static

Description

A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.

Remediation

References

https://hackerone.com/reports/403692

Related Vulnerabilities

CVE-2022-0239 Vulnerability in maven package edu.stanford.nlp:stanford-corenlp

CVE-2018-1002203 Vulnerability in npm package unzipper

CVE-2023-36665 Vulnerability in maven package org.webjars.npm:github-com-protobufjs-protobuf-js

CVE-2023-25345 Vulnerability in npm package swig

CVE-2020-6427 Vulnerability in maven package org.webjars.npm:electron

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Exploit Vendor Advisory