CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-25847

All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 52.0%

CVSS Severity

CVSS v3 Score 5.4

References

https://gist.github.com/lirantal/52debd25284726fcc2eaed9c7512975c
https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149915
https://gist.github.com/lirantal/52debd25284726fcc2eaed9c7512975c
https://security.snyk.io/vuln/SNYK-JS-SERVELITE-3149915

Products affected by CVE-2022-25847

Serve-Lite Project » Serve-Lite » Version: N/A

cpe:2.3:a:serve-lite_project:serve-lite:-
Serve-Lite Project » Serve-Lite » Version: 0.0.0

cpe:2.3:a:serve-lite_project:serve-lite:0.0.0
Serve-Lite Project » Serve-Lite » Version: 1.0.0

cpe:2.3:a:serve-lite_project:serve-lite:1.0.0
Serve-Lite Project » Serve-Lite » Version: 1.1.0

cpe:2.3:a:serve-lite_project:serve-lite:1.1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-25847

Products

Pricing

Contact Us