Vulnerabilities > Serve Lite Project

DATE	CVE	VULNERABILITY TITLE	RISK
2023-01-26	CVE-2022-21192	Path Traversal vulnerability in Serve-Lite Project Serve-Lite All versions of the package serve-lite are vulnerable to Directory Traversal due to missing input sanitization or other checks and protections employed to the req.url passed as-is to path.join(). network low complexity serve-lite-project CWE-22	7.5
2023-01-26	CVE-2022-25847	Cross-site Scripting vulnerability in Serve-Lite Project Serve-Lite All versions of the package serve-lite are vulnerable to Cross-site Scripting (XSS) because when it detects a request to a directory, it renders a file listing of all of its contents with links that include the actual file names without any sanitization or output encoding. network low complexity serve-lite-project CWE-79	6.1

Vulnerabilities > Serve Lite Project {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Serve Lite Project"}]}