4 matches found
CVE-2022-25847
All versions of the package serve-lite are vulnerable to Cross-site Scripting XSS because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
CVE-2022-25847
All versions of the package serve-lite are vulnerable to Cross-site Scripting XSS because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...
CVE-2022-25847
CVE-2022-25847 affects the serve-lite package. The root cause is that when a request targets a directory, the server renders a file listing with links that include actual file names without sanitization or output encoding, enabling Cross-site Scripting (XSS) via crafted filenames. Affected: all v...
CVE-2022-25847
All versions of the package serve-lite are vulnerable to Cross-site Scripting XSS because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding...