Vulnerabilities > Ithewei

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-29	CVE-2023-26146	Cross-site Scripting vulnerability in Ithewei Libhv All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered. network low complexity ithewei CWE-79	6.1
2023-09-29	CVE-2023-26147	Cross-site Scripting vulnerability in Ithewei Libhv All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. network low complexity ithewei CWE-79	6.1
2023-09-29	CVE-2023-26148	Injection vulnerability in Ithewei Libhv All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. network low complexity ithewei CWE-74	5.3

Vulnerabilities > Ithewei {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ithewei"}]}