Lucene search
Veracode Vulnerability DatabaseVERACODE:39090HistoryFeb 03, 2023 - 2:23 a.m.
Cross-site Scripting (XSS)
2023-02-0302:23:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
serve-lite
cross-site scripting
unsanitized rendering
0.001 Low
EPSS
Percentile
25.3%
serve-lite is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the main function in server.js renders the listing file with all of its contents with links that include the actual file names without any sanitization or output encoding, allowing an attacker to inject and execute malicious JavaScript through the requested directory.
| CPE | Name | Operator | Version |
|---|---|---|---|
| serve-lite | le | 1.1.0 | |
| serve-lite | le | 1.1.0 |
Related
cve
cve
CVE-2022-25847
2023-01-26 21:15:30
cvelist
cvelist
CVE-2022-25847
2023-01-25 05:00:01
nvd
nvd
CVE-2022-25847
2023-01-26 21:15:30
osv
osv
Cross-site Scripting (XSS) in serve-lite
2023-01-26 21:30:25
prion
prion
Cross site scripting
2023-01-26 21:15:00
github
github
Cross-site Scripting (XSS) in serve-lite
2023-01-26 21:30:25