### [CVE-2017-16018](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16018)
![](https://img.shields.io/static/v1?label=Product&message=restify%20node%20module&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3E%3D2.0.0%20%3C%3D4.0.4%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Cross-site%20Scripting%20(XSS)%20-%20Generic%20(CWE-79)&color=brightgreen)

### Description

Restify is a framework for building REST APIs. Restify >=2.0.0 <=4.0.4 using URL encoded script tags in a non-existent URL, an attacker can get script to run in some browsers.

### POC

#### Reference
- https://github.com/restify/node-restify/issues/1018

#### Github
- https://github.com/ossf-cve-benchmark/CVE-2017-16018