HTML Injection

Affecting valine package, ALL versions

medium severity

Overview

valine is a fast, simple & powerful comment system.

Affected versions of this package are vulnerable to HTML Injection. While uploading a PDF file, An attacker could inject a java script code.

Remediation

There is no fix version for valine.

References

Do your applications use this vulnerable package?

Credit
Unknown
CVE
CVE-2018-19289
CWE
CWE-80
Snyk ID
SNYK-JS-VALINE-72627
Disclosed
15 Nov, 2018
Published
22 Nov, 2018