Description
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
Remediation
References
https://hackerone.com/reports/570563
Related Vulnerabilities
CVE-2020-14966 Vulnerability in maven package org.webjars.bowergithub.kjur:jsrsasign
CVE-2018-1002203 Vulnerability in maven package org.webjars.npm:unzipper
CVE-2020-28423 Vulnerability in npm package monorepo-build
CVE-2020-8123 Vulnerability in npm package strapi
CVE-2017-17837 Vulnerability in maven package org.apache.deltaspike.modules:jsf-module-project