Ecosyste.ms: Advisories

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ZnctNTM0di14bTg1

Cross-Site Scripting (XSS) in cloudcmd

Versions of cloudcmd before 9.1.6 are vulnerable to cross-site scripting (XSS) when listing files in a directory. The attacker must control the name of a file for this vulnerability to be exploitable.

Recommendation

Update to version 9.1.6 or later.

Permalink: https://github.com/advisories/GHSA-m8fw-534v-xm85
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLW04ZnctNTM0di14bTg1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 5 years ago
Updated: over 1 year ago

Identifiers: GHSA-m8fw-534v-xm85
References:

• https://github.com/coderaiser/cloudcmd/commit/23f4d4702cd3d473977285f26ea2ae7206b45f38
• https://hackerone.com/reports/341044
• https://hackerone.com/reports/341044)
• https://www.npmjs.com/advisories/642
• https://github.com/advisories/GHSA-m8fw-534v-xm85

Repository: https://github.com/coderaiser/cloudcmd
Blast Radius: 0.0

Affected Packages