Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2fhw-mwg6-v7fw
Vulnerability ID VCID-2fhw-mwg6-v7fw
Aliases CVE-2019-15782
GHSA-gjh4-fcv3-whpq
Summary Cross-Site Scripting in webtorrent
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00208 https://api.first.org/data/v1/epss?cve=CVE-2019-15782
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-gjh4-fcv3-whpq
cvssv3.1 6.1 https://github.com/webtorrent/webtorrent/commit/7e829b5d52c32d2e6d8f5fbcf0f8f418fffde083
generic_textual MODERATE https://github.com/webtorrent/webtorrent/commit/7e829b5d52c32d2e6d8f5fbcf0f8f418fffde083
cvssv3.1 6.1 https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
generic_textual MODERATE https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
cvssv3.1 6.1 https://github.com/webtorrent/webtorrent/pull/1714
generic_textual MODERATE https://github.com/webtorrent/webtorrent/pull/1714
cvssv3.1 6.1 https://hackerone.com/reports/681617
generic_textual MODERATE https://hackerone.com/reports/681617
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2019-15782
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-15782
cvssv3.1 6.1 https://snyk.io/vuln/SNYK-JS-WEBTORRENT-460351
generic_textual MODERATE https://snyk.io/vuln/SNYK-JS-WEBTORRENT-460351
cvssv3.1 6.1 https://www.npmjs.com/advisories/1158
generic_textual MODERATE https://www.npmjs.com/advisories/1158
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-15782
https://github.com/webtorrent/webtorrent/commit/7e829b5d52c32d2e6d8f5fbcf0f8f418fffde083
https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
https://github.com/webtorrent/webtorrent/pull/1714
https://hackerone.com/reports/681617
https://snyk.io/vuln/SNYK-JS-WEBTORRENT-460351
https://www.npmjs.com/advisories/1158
CVE-2019-15782 https://nvd.nist.gov/vuln/detail/CVE-2019-15782
GHSA-gjh4-fcv3-whpq https://github.com/advisories/GHSA-gjh4-fcv3-whpq
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/webtorrent/webtorrent/commit/7e829b5d52c32d2e6d8f5fbcf0f8f418fffde083
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/webtorrent/webtorrent/compare/v0.107.5...v0.107.6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/webtorrent/webtorrent/pull/1714
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://hackerone.com/reports/681617
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-15782
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://snyk.io/vuln/SNYK-JS-WEBTORRENT-460351
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://www.npmjs.com/advisories/1158
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.43218
EPSS Score 0.00208
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-11T20:25:30.513094+00:00 GHSA Importer Import https://github.com/advisories/GHSA-gjh4-fcv3-whpq 38.6.0