Description
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
Remediation
References
https://hackerone.com/reports/570563
Related Vulnerabilities
CVE-2021-28165 Vulnerability in maven package org.eclipse.jetty:jetty-io
CVE-2022-39944 Vulnerability in maven package org.apache.linkis:linkis-engineplugin-jdbc
CVE-2023-34624 Vulnerability in maven package net.sourceforge.htmlcleaner:htmlcleaner
CVE-2020-36320 Vulnerability in maven package com.vaadin:vaadin-server
CVE-2023-37949 Vulnerability in maven package io.jenkins.plugins:macstadium-orka