CVE-2019-19733

getallfileserverpaths.ajax.php aka getallfileserverpaths.ajax.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the fileIds parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS...

CVE-2019-19829

A cross-site scripting XSS vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182...

GHSA-85RF-XH54-WHP3 Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

Malicious URL drafting attack against iodines static file server may allow path traversal

Impact A path traversal vulnerability was detected in iodine's static file service. This vulnerability effects any application running iodine's static file server on an effected iodine version. Malicious URL drafting may cause the static file server to attempt a response containing data from file...

Cross-Site Scripting

Overview All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently availabl...

GHSA-7J93-2H6R-HM49 Cross-Site Scripting in http-file-server

All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consid...

Cross-Site Scripting in http-file-server

All versions of http-file-server are vulnerable to Cross-Site Scripting XSS. The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation No fix is currently available. Consid...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

Cross site scripting

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

CVE-2019-5458

CVE-2019-5458 concerns the Node.js module http-file-server. All versions are vulnerable to a Cross-Site Scripting (XSS) flaw in directory listings: the server fails to sanitize filenames, allowing stored/reflective JavaScript in the victim’s browser when a user browses the listing. Evidence in co...

CVE-2019-5458

Cross-site scripting XSS vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...

PT-2019-17687 · Unknown · Http File Server

Name of the Vulnerable Software and Affected Versions: http-file-server all versions Description: A cross-site scripting XSS issue allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. The package fails to sanitize filenames, enabling...

Path Traversal

Overview All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a...

http-file-server path traversal vulnerability

http-file-server is an HTTP file server. A path traversal vulnerability exists in http-file-server. The vulnerability stems from a failure of a network system or product to properly filter special elements in the path of a resource or file. An attacker could use this vulnerability to access...

Path Traversal in http-file-server

All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is ma...

GHSA-2MP5-M968-GWR2 Path Traversal in http-file-server

All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation No fix is currently available. Consider using an alternative package until a fix is ma...

CVE-2019-5447

A path traversal vulnerability in = v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...

Path traversal

A path traversal vulnerability in = v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...