PT-2023-12821 · Unknown · Serve-Lite

Liran Tal · Published 2023-01-25 · Updated 2023-02-01 · CVE-2022-25847

CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: serve-lite, all versions
Description: When serve-lite receives a request for a directory, it renders an HTML listing of the directory's contents, with each entry linked by its actual file name. The file names are written into the page without sanitization or output encoding, so a file whose name contains HTML or JavaScript is rendered as markup rather than text. Anyone able to place a file with a crafted name in a served directory can therefore run script in the browser of every user who views the listing (Cross-site Scripting, XSS).
Recommendations: No fixed release is available, so for all versions disable the directory-listing feature until a fix that HTML-encodes (or otherwise sanitizes) file names in the generated links is shipped. Where listings must stay enabled, restrict who can reach them, and who can create files in the served directories, to reduce the opportunity for exploitation.
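To make the defect and the remedy concrete, the following Node.js snippet is an added example written for this page; it is not serve-lite's own code and does not reproduce its internals. It renders a directory listing two ways: the vulnerable pattern that concatenates raw file names into HTML, and a hardened version that percent-encodes each path segment for the href (URL context) and HTML-escapes both the attribute value and the link text (HTML context). The file names in SAMPLE_ENTRIES are constructed.

```javascript
// Added example (not serve-lite's code): an unencoded directory listing
// versus one that encodes for each output context.

// Constructed sample listing. An attacker who can create files in the
// served directory chooses a file name that carries markup.
const SAMPLE_ENTRIES = [
  'readme.txt',
  'report "2023".pdf',
  '<img src=x onerror=alert(1)>.txt',
];

// Vulnerable rendering: file names are concatenated straight into the
// HTML, in both the href attribute and the link text.
function renderListingVulnerable(dirPath, entries) {
  const items = entries
    .map((name) => `<li><a href="${dirPath}/${name}">${name}</a></li>`)
    .join('');
  return `<ul>${items}</ul>`;
}

// Escape the five characters that matter in HTML text and in
// double-quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened rendering: build the href from percent-encoded path segments,
// then HTML-escape everything that lands in the page. The two encodings are
// not interchangeable; each protects a different parser.
function renderListingSafe(dirPath, entries) {
  const base = dirPath.split('/').filter(Boolean).map(encodeURIComponent).join('/');
  const items = entries
    .map((name) => {
      const href = `/${base}${base ? '/' : ''}${encodeURIComponent(name)}`;
      return `<li><a href="${escapeHtml(href)}">${escapeHtml(name)}</a></li>`;
    })
    .join('');
  return `<ul>${items}</ul>`;
}

// Review check: does attacker-controlled text from `entries` appear in the
// rendered HTML verbatim, i.e. without having passed through an encoder?
function leaksRawName(html, entries) {
  return entries.some((name) => /[<>"]/.test(name) && html.includes(name));
}

console.log(renderListingVulnerable('/docs', SAMPLE_ENTRIES));
console.log(renderListingSafe('/docs', SAMPLE_ENTRIES));
```

In the vulnerable output the third entry becomes a live `<img>` element whose onerror handler fires when the listing is viewed; in the hardened output the same name is displayed literally and the href points at the correctly percent-encoded file. The leaksRawName check is the kind of assertion worth keeping in a test suite for any code path that reflects file system names into HTML.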

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-25847
GHSA-J8X7-QCW4-XX85

Affected Products

Serve-Lite