CVE-2022-25847, GHSA-j8x7-qcw4-xx85
npm/serve-lite
Improper Neutralization
All versions of the package serve-lite is vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.
All versions
Unfortunately, there is no solution available yet.
2023-01-31
source |