CVE-2018-16480
The CVE-2018-16480 entry maps to the Node.js package public (versions prior to 0.1.4) with a stored XSS in the directory listing render due to unsanitized file/folder names. A malicious filename containing script can execute arbitrary JavaScript in a victim’s browser when listing directories. Aff...