Node.js third-party modules: [serve] Stored XSS in the filename when directories listing

I would like to report a Stored XSS issue in module serve It allows executing malicious javascript code in the user's browser. Module module name: serve version: 7.0.1 npm page: https://www.npmjs.com/package/serve Module Description Assuming you would like to serve a static site, single page...