Vulnerability Database

308,681

Total vulnerabilities in the database

CVE-2018-3748

There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. File name, which contains malicious HTML (eg. embedded iframe element or javascript: pseudo-protocol handler in <a> element) allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name.

Published: Jul 3, 2018
Updated: Nov 9, 2025
CVE: CVE-2018-3748
GHSA: GHSA-7375-vjr2-3g7w
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
glance_project / glance	3.0.5	3.0.5.x
glance	-	3.0.8

https://github.com/jarofghosts/glance/commit/cdc68bb68d785343ddb829f1adc130cdd6169533
https://hackerone.com/reports/310133
https://www.npmjs.com/advisories/610

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo