What the vulnerability does

01Description

The fileview package v0.1.6 has inadequate output encoding and escaping, which leads to a stored Cross-Site Scripting (XSS) vulnerability in files it serves.

Key dates

02Disclosure timeline

January 6, 2020 CVE published
August 5, 2024 Record updated