EPSS
Percentile
50.1%
anywhere is vulnerable to cross-site scripting (XSS) attacks. The library uses a version of the serve-index package that is vulnerable to CVE-2015-8856, allowing a malicious user to inject and execute arbitrary Javascript.
github.com/senchalabs/connect/commit/6d5dd30075d2bc4ee97afdbbe3d9d98d8d52d74b
hackerone.com/bl4de
hackerone.com/reports/309394
hackerone.com/reports/309641
www.sourceclear.com/vulnerability-database/security/cross-site-scripting-xss-/javascript/sid-1604