Description
Cross-site scripting (XSS) vulnerability in http-file-server (all versions) allows an attacker with access to the server file system to execute arbitrary JavaScript code in victim's browser.
Remediation
References
https://hackerone.com/reports/570563
Related Vulnerabilities
CVE-2021-32808 Vulnerability in npm package ckeditor4
CVE-2023-46589 Vulnerability in maven package org.apache.tomcat:tomcat-catalina
CVE-2022-24718 Vulnerability in npm package @finastra/ssr-pages
CVE-2022-41253 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt
CVE-2020-23814 Vulnerability in maven package com.xuxueli:xxl-job