Known CVE vulnerabilities and GitHub Security Advisories affecting the npm package connect, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVE-2013-7371 — CVSS 6.1 (medium): node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for…
CVE-2018-3717 — CVSS 5.4 (medium): connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in…