Description
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.
Remediation
References
https://hackerone.com/reports/507159
Related Vulnerabilities
CVE-2022-37223 Vulnerability in maven package com.jflyfox:jflyfox_jfinal
CVE-2022-45210 Vulnerability in maven package org.jeecgframework.boot:jeecg-module-system
CVE-2020-7693 Vulnerability in maven package org.webjars.npm:sockjs
CVE-2019-15477 Vulnerability in maven package org.jooby:jooby
CVE-2022-3971 Vulnerability in npm package matrix-appservice-irc