The Express web framework for Node.js, in versions prior to 3.11 and in 4.x prior to 4.5, does not provide a charset field in the HTTP Content-Type header of 400-level responses, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.
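A defensive check for the condition described above, as an added example that is not Express's own code: it flags 400-level textual responses whose Content-Type carries no charset and shows the header with an explicit charset appended. The function names, the set of media types treated as textual, and the sample responses are assumptions of this example.

```javascript
// Added example: helper names are hypothetical; sample responses are constructed.

// Media types treated here as markup/text (an assumption of this example).
const TEXTUAL = /^(text\/|application\/(xhtml\+xml|xml)$)/i;

// Split a Content-Type value into its media type and lower-cased parameter names.
function parseContentType(value) {
  const [type, ...rest] = String(value || '').split(';');
  const params = {};
  for (const part of rest) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    const key = part.slice(0, eq).trim().toLowerCase();
    const val = part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (key) params[key] = val;
  }
  return { type: type.trim().toLowerCase(), params };
}

// Return a finding string for a 4xx textual response without a charset, else null.
function auditErrorResponse(res) {
  if (res.status < 400 || res.status > 499) return null;
  const name = Object.keys(res.headers).find(h => h.toLowerCase() === 'content-type');
  if (!name) return `${res.status}: no Content-Type header, so no charset declared`;
  const { type, params } = parseContentType(res.headers[name]);
  if (!TEXTUAL.test(type)) return null;
  if (!params.charset) return `${res.status}: ${type} sent without charset`;
  return null;
}

// Mitigation side: add an explicit charset when a textual type lacks one.
function withCharset(value, charset = 'utf-8') {
  const { type, params } = parseContentType(value);
  if (!TEXTUAL.test(type) || params.charset) return value;
  return `${value.trim()}; charset=${charset}`;
}

// Constructed sample responses (not captured from a real server).
const samples = [
  { status: 400, headers: { 'Content-Type': 'text/html' } },
  { status: 404, headers: { 'content-type': 'text/html; charset=utf-8' } },
  { status: 403, headers: { 'Content-Type': 'application/json' } },
  { status: 200, headers: { 'Content-Type': 'text/html' } },
];
const findings = samples.map(auditErrorResponse).filter(Boolean);
console.log(findings);
```
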
Vulnerable Product |
---|
openjsf express 4.4.5 |
openjsf express |
openjsf express 4.2.0 |
openjsf express 4.3.0 |
openjsf express 4.3.1 |
openjsf express 4.3.2 |
openjsf express 4.4.0 |
openjsf express 4.1.0 |
openjsf express 4.1.2 |
openjsf express 4.4.2 |
openjsf express 4.4.4 |
openjsf express 4.0.0 |
openjsf express 4.1.1 |
openjsf express 4.4.1 |
openjsf express 4.4.3 |