MEDIUM
Openjsf
CVE published 2017-01-23
CVE-2015-8856
CVE-2015-8856 is a cross-site scripting issue in the Node.js serve-index package before 1.6.3. If an attacker can influence a file or directory name that is rendered in a directory listing, the generated page may include attacker-controlled script or HTML. The CVE record was published on 2017-01-23, while the referenced advisory material dates to 2016-04-20.