connect cross-site scripting vulnerability

connect is an extended HTTP server framework for use in Node.js. A cross-site scripting vulnerability exists in versions of connect prior to 2.14.0, which stems from the program's lack of validation of files in the directory js middleware. This vulnerability can be exploited to inject arbitrary w...