Description

Forms is a library for easily creating HTML forms. Versions before 1.3.0 did not have proper html escaping. This means that if the application did not sanitize html on behalf of forms, use of forms may be vulnerable to cross site scripting

Remediation

References

https://nodesecurity.io/advisories/158

https://github.com/caolan/forms/commit/bc01e534a0ff863dedb2026a50bd03153bbc6a5d

Related Vulnerabilities

CVE-2021-41973 Vulnerability in maven package org.apache.mina:mina-http

CVE-2020-8929 Vulnerability in maven package com.google.crypto.tink:tink

CVE-2021-44878 Vulnerability in maven package org.pac4j:pac4j-core

CVE-2016-5003 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2021-3690 Vulnerability in maven package io.undertow:undertow-core

Severity

High

Classification

CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Third Party Advisory Patch