CVE-2022-25847
- Reference to the description:
- Description:
- All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.
- Last updated date:
- 02/01/2023
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 02/01/2023
- Reference url to background
https://gist.github.com/lirantal/52debd25284726fcc2eaed9c7512975c