Description
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.
Remediation
References
https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
https://github.com/webtorrent/webtorrent/pull/1714
https://hackerone.com/reports/681617
Related Vulnerabilities
CVE-2016-4468 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-uaa
CVE-2023-27296 Vulnerability in maven package org.apache.inlong:manager-pojo
CVE-2020-29204 Vulnerability in maven package com.xuxueli:xxl-job-admin
CVE-2020-15152 Vulnerability in npm package ftp-srv
CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.11