Veygax

**Name of the Vulnerable Software and Affected Versions** LocalSend versions up to and including 1.17.0 **Description** LocalSend is an application enabling file and message sharing with nearby devices on a local network, without internet access. When a user initiates a "Share via Link" session, the application starts a local HTTP server to host the selected files. The client-side logic for this web interface resides in `app/assets/web/main.js`. The `handleFilesDisplay` function constructs the HTML for the file list by iterating over the files received from the server. **Recommendations** Update LocalSend to a version later than 1.17.0.