Cross-Site Scripting in harp

Description

This advisory has been withdrawn per request from the maintainer. Given harp is a static webserver, a XSS type of vulnerability is not appropriate.

Recommendation

No fix is available yet. Followings are affected versions:

• >= 0

References

• GHSA-cx7r-634m-2q2h
• hackerone.com
• www.npmjs.com

Related Issues

• QMarkdown Cross-Site Scripting (XSS) vulnerability - CVE-2025-43954
• @dependencytrack/frontend vulnerable to Persistent Cross-Site-Scripting via Vulnerability Details - CVE-2022-39350
• CKEditor 5 cross-site scripting (XSS) vulnerability in the clipboard package - CVE-2025-58064
• Froala Editor Cross-site Scripting vulnerability - CVE-2023-41592

Tags:

npm

harp