CVE-2016-10548 Information
Feb 14, 2021
cve
Description
Arbitrary code execution is possible in reduce-css-calc node module =1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the calc function.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Reference
https://gist.github.com/ChALkeR/415a41b561ebea9b341efbb40b802fc9 https://nodesecurity.io/advisories/144
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
CHANGED
Integrity Impact
LOW
Availability Impact
LOW
Base Score
NONE
Base Severity
6.1
Share on: