Wsgidav · Wsgidav · CVE-2022-41905
**Name of the Vulnerable Software and Affected Versions**
WsgiDAV versions prior to 4.1.0
**Description**
Implementations using this library with directory browsing enabled may be susceptible to Cross Site Scripting (XSS) attacks. This issue occurs when untrusted data is displayed in the directory browser's user interface, such as 'realm' or user name. An attacker cannot exploit this vulnerability by simply uploading a file or folder with a manipulated file name.
**Recommendations**
For versions prior to 4.1.0, upgrade to version 4.1.0 to resolve the issue.
As a temporary workaround, set `dir_browser.enable = False` in the configuration to disable directory browsing and minimize the risk of exploitation. For example, when configuring the library with a Python dictionary, use the following configuration:
```python
from wsgidav.wsgidav_app import WsgiDAVApp

config = {
    # your normal configuration
    "dir_browser": {
        "enable": False,  # disable the directory browser, removing the XSS exposure
    },
}
app = WsgiDAVApp(config)
```
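As an added audit helper (not part of the advisory or of WsgiDAV itself), the following check decides whether a given WsgiDAV deployment is still exposed to CVE-2022-41905: it is affected only when the installed version is older than 4.1.0 and the directory browser is not explicitly disabled. It assumes the library default leaves `dir_browser.enable` on, so a config that omits the section counts as enabled.

```python
"""Audit helper for CVE-2022-41905 (WsgiDAV directory-browser XSS). Added example."""
import re

FIXED_VERSION = (4, 1, 0)  # first release that resolves the issue, per the advisory


def parse_version(text: str) -> tuple:
    """Turn a version string such as '4.0.2' or '4.1' into a 3-part numeric tuple.

    Non-numeric suffixes (e.g. '0a1') are truncated to their leading digits,
    so a pre-release of 4.1.0 compares as 4.1.0.
    """
    parts = []
    for piece in text.strip().split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    while len(parts) < 3:
        parts.append(0)  # pad so that '4.1' compares equal to '4.1.0'
    return tuple(parts[:3])


def dir_browser_enabled(config: dict) -> bool:
    """Return True unless the config explicitly sets dir_browser.enable to False.

    Assumption: WsgiDAV's shipped default keeps the browser enabled, so a
    missing or non-dict 'dir_browser' section is treated as enabled.
    """
    section = config.get("dir_browser")
    if not isinstance(section, dict):
        return True
    return bool(section.get("enable", True))


def is_exposed(config: dict, installed_version: str) -> bool:
    """True when the deployment is affected: version < 4.1.0 and browser enabled."""
    if parse_version(installed_version) >= FIXED_VERSION:
        return False  # fixed release; the workaround is no longer required
    return dir_browser_enabled(config)


def audit(config: dict, installed_version: str) -> str:
    """Human-readable finding for a single deployment (constructed wording)."""
    if is_exposed(config, installed_version):
        return (f"EXPOSED: WsgiDAV {installed_version} with directory browsing "
                "enabled; upgrade to 4.1.0 or set dir_browser.enable = False")
    return f"OK: WsgiDAV {installed_version} is not exposed to CVE-2022-41905"
```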