serve-lite is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the main
function in server.js
renders the listing file with all of its contents with links that include the actual file names without any sanitization or output encoding, allowing an attacker to inject and execute malicious JavaScript through the requested directory.
CPE | Name | Operator | Version |
---|---|---|---|
serve-lite | le | 1.1.0 | |
serve-lite | le | 1.1.0 |