GHSA-hhrp-qm88-xjr3

Source

https://github.com/advisories/GHSA-hhrp-qm88-xjr3

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/11/GHSA-hhrp-qm88-xjr3/GHSA-hhrp-qm88-xjr3.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-hhrp-qm88-xjr3

Aliases

CVE-2018-19289

Published

2018-11-21T22:19:41Z

Modified

2023-11-08T04:00:07.329332Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Valine HTML Injection

Details

An issue was discovered in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.

Database specific

{
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-79"
    ],
    "nvd_published_at": null,
    "github_reviewed_at": "2020-06-16T21:40:20Z",
    "severity": "MODERATE"
}

References

Affected packages

npm / valine

Package

Name: valine; View open source insights on deps.dev
Purl: pkg:npm/valine

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.3.4

Database specific

{
    "last_known_affected_version_range": "<= 1.3.3"
}