Description
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
Remediation
References
https://hackerone.com/reports/570563
Related Vulnerabilities
CVE-2020-7767 Vulnerability in npm package express-validators
CVE-2021-28092 Vulnerability in maven package org.webjars:is-svg
CVE-2022-25876 Vulnerability in npm package link-preview-js
CVE-2022-36007 Vulnerability in maven package com.github.jlangch:venice
CVE-2017-18869 Vulnerability in maven package org.webjars.npm:chownr