epic icon indicating copy to clipboard operation
epic copied to clipboard

Published 20 hours ago verified publisher icon d4nyll

CVE-2017-6589 Medium Severity Vulnerability detected by WhiteSource

Open mend-bolt-for-github[bot] opened this issue 6 years ago • 0 comments

CVE-2017-6589 - Medium Severity Vulnerability

Vulnerable Library - nodeclub0.3.6

:baby_chick:Nodeclub 是使用 Node.js 和 MongoDB 开发的社区系统

Library home page: https://github.com/cnodejs/nodeclub.git

Library Source Files (1)

* The source files were matched to this source library based on a best effort match. Source libraries are selected from a list of probable public libraries.

  • /epic/lib/0.2.2/js/epiceditor.js

Vulnerability Details

EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. An example attack vector is a crafted IMG element in an HTML document.

Publish Date: 2017-03-09

URL: CVE-2017-6589

CVSS 3 Score Details (6.1)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: Required
    • Scope: Changed
  • Impact Metrics:
    • Confidentiality Impact: Low
    • Integrity Impact: Low
    • Availability Impact: None
For more information on CVSS3 Scores, click here.

Step up your Open Source Security Game with WhiteSource here

mend-bolt-for-github[bot] avatar Dec 05 '18 13:12 mend-bolt-for-github[bot]