Description
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.
Remediation
References
https://hackerone.com/reports/507159
Related Vulnerabilities
CVE-2023-5571 Vulnerability in npm package @vrite/sdk
CVE-2020-28459 Vulnerability in npm package markdown-it-decorate
CVE-2018-3745 Vulnerability in npm package atob
CVE-2023-37965 Vulnerability in maven package org.jenkins-ci.plugins:elasticbox
CVE-2015-0250 Vulnerability in maven package org.apache.xmlgraphics:batik-transcoder