Description
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.
Remediation
References
https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
https://github.com/webtorrent/webtorrent/pull/1714
https://hackerone.com/reports/681617
Related Vulnerabilities
CVE-2021-23807 Vulnerability in npm package jsonpointer
CVE-2021-45459 Vulnerability in npm package node-windows
CVE-2021-33611 Vulnerability in maven package org.webjars.bowergithub.vaadin:vaadin-menu-bar
CVE-2016-15025 Vulnerability in npm package generator-hottowel
CVE-2023-26055 Vulnerability in maven package org.xwiki.commons:xwiki-commons-xml