EPSS: 0.001 (Low), Percentile: 37.3%
fileview is vulnerable to cross-site scripting (XSS). A remote attacker can inject arbitrary JavaScript into a user's browser via the filename parameter because filenames are neither validated nor sanitized.
github.com/itworkcenter/fileview/pull/2
hackerone.com/reports/507159
www.npmjs.com/advisories/1452