Description

Characters in the GET url path are not properly escaped and can be reflected in the server response.

Remediation

References

https://snyk.io/vuln/SNYK-JS-IOBROKERWEB-534971

Related Vulnerabilities

CVE-2022-25646 Vulnerability in npm package x-data-spreadsheet

CVE-2020-2258 Vulnerability in maven package org.jenkins-ci.plugins:cloudbees-jenkins-advisor

CVE-2017-16175 Vulnerability in npm package ewgaddis.lab6

CVE-2018-6184 Vulnerability in npm package next

CVE-2022-29599 Vulnerability in maven package org.apache.maven.shared:maven-shared-utils

Severity

High

Classification

CWE-79 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory