Description
The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.
Remediation
References
https://hackerone.com/reports/507159
Related Vulnerabilities
CVE-2023-47320 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war
CVE-2020-7675 Vulnerability in npm package cd-messenger
CVE-2016-5018 Vulnerability in maven package org.apache.tomcat:tomcat-jasper
CVE-2021-33561 Vulnerability in maven package com.shopizer:shopizer
CVE-2021-43138 Vulnerability in maven package org.webjars.npm:async