167 matches found
Cross-Site Scripting
Overview: All versions of http-file-server are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently availabl...
GHSA-7J93-2H6R-HM49 Cross-Site Scripting in http-file-server
All versions of http-file-server are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consid...
Cross-Site Scripting in http-file-server
All versions of http-file-server are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code. Recommendation: No fix is currently available. Consid...
CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
Cross site scripting
Cross-site scripting (XSS) vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
CVE-2019-5458
CVE-2019-5458 concerns the Node.js module http-file-server. All versions are vulnerable to a Cross-Site Scripting (XSS) flaw in directory listings: the server fails to sanitize filenames, allowing stored/reflective JavaScript in the victim’s browser when a user browses the listing. Evidence in co...
CVE-2019-5458
Cross-site scripting (XSS) vulnerability in http-file-server all versions allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser...
PT-2019-17687 · Unknown · Http File Server
Name of the Vulnerable Software and Affected Versions: http-file-server all versions. Description: A cross-site scripting (XSS) issue allows an attacker with access to the server file system to execute arbitrary JavaScript code in a victim's browser. The package fails to sanitize filenames, enabling...
Path Traversal
Overview: All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a...
http-file-server path traversal vulnerability
http-file-server is an HTTP file server. A path traversal vulnerability exists in http-file-server. The vulnerability stems from a failure of a network system or product to properly filter special elements in the path of a resource or file. An attacker could use this vulnerability to access...
Path Traversal in http-file-server
All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix is ma...
GHSA-2MP5-M968-GWR2 Path Traversal in http-file-server
All versions of http-file-server are vulnerable to Path Traversal. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relative paths. Recommendation: No fix is currently available. Consider using an alternative package until a fix is ma...
CVE-2019-5447
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...
Path traversal
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...
CVE-2019-5447
A path traversal vulnerability in <= v0.2.6 of http-file-server npm module allows attackers to list files in arbitrary folders...
PT-2019-17676 · Unknown · Http File Server
Name of the Vulnerable Software and Affected Versions: http-file-server versions = 0.2.6 Description: A path traversal issue allows attackers to list files in arbitrary folders. The package fails to sanitize URLs, allowing attackers to access server files outside of the served folder using relati...
Directory Traversal
http-file-server is vulnerable to directory traversal. It does not prevent the use of ../ in the path name of URL, allowing an attacker to list any files or folder in another folder of web root...
VulnCheck KEV: CVE-2014-6287
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server HFS or HttpFileServer allows remote attackers to execute arbitrary programs...
Node.js third-party modules: [http-file-server] Stored XSS in the filename when directories listing
I would like to report Stored XSS in module "http-file-server". It allows to inject malicious scripts in the file name, store them on the server, then execute these scripts in the browser via the XSS vulnerability. Module module name: http-file-server version: 0.2.6 npm page:...