Cross-Site Scripting in seeftl
High severity
GitHub Reviewed
Published
Apr 1, 2020
to the GitHub Advisory Database
•
Updated Jan 9, 2023
Description
Reviewed
Apr 1, 2020
Published to the GitHub Advisory Database
Apr 1, 2020
Last updated
Jan 9, 2023
All versions of
seeftl
are vulnerable to Cross-Site Scripting (XSS). The package fails to sanitize filenames, allowing attackers to execute arbitrary JavaScript in the victim's browser through files with names containing malicious code.Recommendation
No fix is currently available. Consider using an alternative package until a fix is made available.
References