Description
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.
Remediation
References
https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
https://github.com/webtorrent/webtorrent/pull/1714
https://hackerone.com/reports/681617
Related Vulnerabilities
CVE-2024-36401 Vulnerability in maven package org.geoserver.web:gs-web-app
CVE-2022-28366 Vulnerability in maven package org.codelibs:nekohtml
CVE-2020-13934 Vulnerability in maven package org.apache.tomcat:tomcat-coyote
CVE-2020-19676 Vulnerability in maven package com.alibaba.nacos:nacos-api
CVE-2017-7661 Vulnerability in maven package org.apache.cxf.fediz:fediz-spring