Description
XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server.
Remediation
References
https://hackerone.com/reports/331110
Related Vulnerabilities
CVE-2020-15250 Vulnerability in maven package junit:junit
CVE-2016-10598 Vulnerability in npm package arrayfire-js
CVE-2022-25937 Vulnerability in npm package glance
CVE-2019-19771 Vulnerability in npm package bictoinjs-lib
CVE-2023-47323 Vulnerability in maven package org.silverpeas.core:silverpeas-core-web