GHSA-RJF8-2WCW-F6MP Salvo is vulnerable to reflected XSS in the list_html function

Summary The function listhtml generates an file view of a folder which includes a render of the current path, in which its inserted in the HTML without proper sanitation, leading to reflected XSS. The request path is decoded and normalized in the matching stage but is not inserted raw in the HTML...

Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Summary The function listhtml generates a file view of a folder without sanitizing the files or folders names, potentially leading to XSS in cases where a website allows access to public files using this feature, allowing anyone to upload a file. Details The vulnerable snippet of code is the...

CVE-2026-22257

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

EUVD-2026-1423

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

CVE-2026-22257 Salvo is vulnerable to stored XSS in the list_html function by uploading files with malicious names

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generates a file view of a folder without sanitizing the files or folders names, this may potentially lead to XSS in cases where a website allow the access to public files using this feature and anyone can uploa...

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...

CVE-2026-22256 Salvo is vulnerable to reflected XSS in the list_html function

Salvo is a Rust web backend framework. Prior to version 0.88.1, the function listhtml generate an file view of a folder which include a render of the current path, in which its inserted in the HTML without proper sanitation, this leads to reflected XSS using the fact that request path is decoded...

salvo 跨站脚本漏洞

salvo is a web framework for Salvo open source . A cross-site scripting vulnerability exists in versions prior to salvo 0.88.1 , the vulnerability stems from the listhtml function does not properly clean up the path , which could lead to reflective cross-site scripting attacks...