Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
serve-lite 跨站脚本漏洞
Vulnerability Description
serve-lite是用于基于静态文件的 Web 开发的轻量级 http 服务器。 serve-lite 存在安全漏洞,该漏洞源于在收到对目录的请求时,会不加清理或转义的呈现文件列表。
CVSS Information
N/A
Vulnerability Type
N/A