Description
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
Remediation
References
https://hackerone.com/reports/331110
Related Vulnerabilities
CVE-2022-39299 Vulnerability in npm package @node-saml/passport-saml
CVE-2010-2076 Vulnerability in maven package org.apache.axis2:axis2-kernel
CVE-2022-41915 Vulnerability in maven package io.netty:netty-codec
CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job-core
CVE-2020-26870 Vulnerability in maven package org.webjars.bowergithub.cure53:dompurify