Unknown · Min-Http-Server · CVE-2019-5457
**Name of the Vulnerable Software and Affected Versions**
min-http-server (all versions)
**Description**
The package fails to sanitize filenames, which results in a cross-site scripting (XSS) issue. An attacker with access to the server file system can execute arbitrary JavaScript in a victim's browser through files with names containing malicious code.
**Recommendations**
For all versions, consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting access to files with potentially malicious names to minimize the risk of exploitation.
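The workaround and the missing sanitization can both be expressed in a few lines. This is an added example, not min-http-server's code. It assumes the filename reaches the browser inside an HTML page such as a file listing, and all function names and sample filenames are hypothetical.

```javascript
// Added illustration (not min-http-server code): treat filenames as untrusted
// text. Names would normally come from the served directory, e.g. fs.readdirSync.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the characters that can change HTML structure in text or attributes.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Workaround check: a name is "risky" if it contains HTML metacharacters,
// a backtick, or control characters. Such files can be renamed or excluded.
function isRiskyName(name) {
  return /[&<>"'`\u0000-\u001f\u007f]/.test(name);
}

function findRiskyNames(names) {
  return names.filter(isRiskyName);
}

// Safe rendering: percent-encode the name for the URL context and
// HTML-escape it for the visible text, so markup in a name is shown, not parsed.
function renderListing(names) {
  const items = names.map((name) => {
    const href = encodeURIComponent(name);
    return `<li><a href="${href}">${escapeHtml(name)}</a></li>`;
  });
  return `<ul>\n${items.join('\n')}\n</ul>`;
}

// Constructed sample input, not taken from any real server.
const SAMPLE_NAMES = ['index.html', '<b>notes.txt', 'a"b.png', 'report 2019.pdf'];

console.log('Names to rename or exclude:', findRiskyNames(SAMPLE_NAMES));
console.log(renderListing(SAMPLE_NAMES));
```
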