Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Joyent Node.js Express web framework 跨站脚本漏洞
Vulnerability Description
Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。Express web framework是其中的一个轻量级Web框架。 Joyent Node.js中的Express web framework 3.11之前的版本和4.5之前的4.x版本存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。
CVSS Information
N/A
Vulnerability Type
N/A