Vulnerabilities > Nodejs > Node JS > 0.11.16

DATE CVE VULNERABILITY TITLE RISK
2017-01-23 CVE-2013-7453 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
network
nodejs CWE-79
4.3
4.3
2017-01-23 CVE-2013-7452 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
network
nodejs CWE-79
4.3
4.3
2016-09-16 CVE-2016-6303 Out-of-bounds Write vulnerability in multiple products
Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c in OpenSSL before 1.1.0 allows remote attackers to cause a denial of service (out-of-bounds write and application crash) or possibly have unspecified other impact via unknown vectors.
network
low complexity
nodejs openssl CWE-787
critical
 9.8
9.8
2016-04-07 CVE-2016-2216 Improper Input Validation vulnerability in multiple products
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a. 		4.3
4.3