Node.js third-party modules: [glance] Stored XSS via file name allows to run arbitrary JavaScript when directory listing is displayed in browser

Hi Guys, There is a Stored XSS vulnerability in glance module. File name, which contains malicious HTML eg. embedded iframe element or javascript: pseudoprotocol handler in element allows to execute JavaScript code against any user who opens directory listing contains such crafted file name. Modu...