{"id":"CVE-2019-15782","details":"WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name.","aliases":["GHSA-gjh4-fcv3-whpq"],"modified":"2026-04-10T04:15:03.574263Z","published":"2019-08-29T12:15:11.687Z","references":[{"type":"WEB","url":"https://hackerone.com/reports/681617"},{"type":"FIX","url":"https://github.com/webtorrent/webtorrent/pull/1714"},{"type":"FIX","url":"https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/webtorrent/webtorrent","events":[{"introduced":"0"},{"fixed":"b3b9541c4a9ea421c93691ccb8edefb2097fa062"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.107.6"}]}}],"versions":["v0.1.2","v0.10.0","v0.10.1","v0.10.2","v0.10.3","v0.100.0","v0.101.0","v0.101.1","v0.101.2","v0.102.0","v0.102.1","v0.102.2","v0.102.3","v0.102.4","v0.103.0","v0.103.1","v0.103.2","v0.103.3","v0.103.4","v0.104.0","v0.105.0","v0.105.1","v0.105.2","v0.105.3","v0.106.0","v0.107.0","v0.107.1","v0.107.2","v0.107.3","v0.107.4","v0.107.5","v0.11.0","v0.11.1","v0.11.2","v0.11.3","v0.12.0","v0.12.1","v0.13.0","v0.13.1","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.17.1","v0.18.0","v0.19.0","v0.19.1","v0.2.0","v0.2.10","v0.2.11","v0.2.12","v0.2.13","v0.2.14","v0.2.15","v0.2.16","v0.2.17","v0.2.18","v0.2.2","v0.2.3","v0.2.4","v0.2.5","v0.2.6","v0.2.7","v0.2.8","v0.2.9","v0.20.0","v0.21.0","v0.22.0","v0.22.1","v0.23.0","v0.24.0","v0.25.0","v0.26.0","v0.27.0","v0.27.1","v0.27.2","v0.27.3","v0.28.0","v0.29.0","v0.29.1","v0.29.2","v0.29.3","v0.29.4","v0.3.0","v0.3.1","v0.3.2","v0.3.3","v0.30.0","v0.31.0","v0.32.0","v0.33.0","v0.34.0","v0.35.0","v0.36.0","v0.37.0","v0.37.1","v0.37.2","v0.38.0","v0.39.0","v0.4.0","v0.40.0","v0.40.1","v0.40.2","v0.41.0","v0.42.0","v0.42.1","v0.43.0","v0.43.1","v0.44.0","v0.45.0","v0.46.0","v0.47.0","v0.47.1","v0.48.0","v0.48.1","v0.48.2","v0.48.4","v0.48.5","v0.48.6","v0.49.0","v0.49.1","v0.49.2","v0.5.0","v0.5.1","v0.5.2","v0.5.3","v0.5.4","v0.50.0","v0.50.1","v0.50.2","v0.50.3","v0.51.0","v0.51.1","v0.52.0","v0.52.1","v0.53.0","v0.53.1","v0.53.2","v0.53.3","v0.53.4","v0.54.0","v0.54.1","v0.54.2","v0.54.3","v0.55.0","v0.55.1","v0.56.0","v0.57.0","v0.58.0","v0.59.0","v0.6.0","v0.60.0","v0.60.1","v0.62.0","v0.62.1","v0.62.2","v0.63.0","v0.63.1","v0.63.2","v0.63.3","v0.63.4","v0.64.0","v0.65.0","v0.65.1","v0.66.0","v0.67.0","v0.67.1","v0.68.0","v0.69.0","v0.7.0","v0.7.1","v0.7.2","v0.7.3","v0.70.0","v0.71.0","v0.71.1","v0.71.2","v0.71.3","v0.71.4","v0.72.0","v0.72.1","v0.72.2","v0.73.0","v0.73.2","v0.74.0","v0.74.1","v0.74.2","v0.75.0","v0.76.0","v0.77.0","v0.78.0","v0.78.1","v0.79.0","v0.79.1","v0.8.0","v0.8.1","v0.8.2","v0.80.0","v0.81.0","v0.81.1","v0.81.2","v0.82.0","v0.82.1","v0.83.0","v0.84.0","v0.84.1","v0.85.0","v0.85.1","v0.85.2","v0.85.3","v0.85.4","v0.86.0","v0.86.1","v0.86.2","v0.87.0","v0.87.1","v0.88.0","v0.88.1","v0.88.2","v0.88.3","v0.89.0","v0.9.0","v0.90.0","v0.90.1","v0.90.2","v0.90.3","v0.91.0","v0.91.1","v0.91.2","v0.91.3","v0.91.4","v0.92.0","v0.93.0","v0.93.1","v0.93.2","v0.93.3","v0.93.4","v0.94.0","v0.94.1","v0.94.2","v0.94.3","v0.94.4","v0.95.0","v0.95.1","v0.95.2","v0.95.3","v0.95.4","v0.95.5","v0.95.6","v0.96.0","v0.96.1","v0.96.2","v0.96.3","v0.96.4","v0.96.5","v0.97.2","v0.98.0","v0.98.1","v0.98.10","v0.98.11","v0.98.12","v0.98.13","v0.98.14","v0.98.15","v0.98.16","v0.98.17","v0.98.18","v0.98.19","v0.98.2","v0.98.20","v0.98.21","v0.98.22","v0.98.23","v0.98.24","v0.98.3","v0.98.4","v0.98.5","v0.98.6","v0.98.7","v0.98.8","v0.98.9","v0.99.0","v0.99.1","v0.99.2","v0.99.3","v0.99.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-15782.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}]}