Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:39090
HistoryFeb 03, 2023 - 2:23 a.m.

Cross-site Scripting (XSS)

2023-02-0302:23:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
serve-lite
cross-site scripting
unsanitized rendering

EPSS

0.001

Percentile

29.1%

serve-lite is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the main function in server.js renders the listing file with all of its contents with links that include the actual file names without any sanitization or output encoding, allowing an attacker to inject and execute malicious JavaScript through the requested directory.

EPSS

0.001

Percentile

29.1%

Related for VERACODE:39090