http-file-server is vulnerable to cross-site scripting (XSS) attack. It is possible because it does not handle the file name input from the user, allowing a malicious user to inject arbitrary script though it.
CPE | Name | Operator | Version |
---|---|---|---|
http-file-server | le | 0.2.6 | |
http-file-server | le | 0.2.6 |