Description
WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.
Remediation
References
https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
https://github.com/webtorrent/webtorrent/pull/1714
https://hackerone.com/reports/681617
Related Vulnerabilities
CVE-2013-2160 Vulnerability in maven package org.codehaus.woodstox:woodstox-core-asl
CVE-2020-17530 Vulnerability in maven package org.apache.struts:struts2-core
CVE-2021-41097 Vulnerability in npm package aurelia-path
CVE-2016-2510 Vulnerability in maven package org.apache-extras.beanshell:bsh
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http_2.13