dutchcoders Transfer.sh versions 1.4.0 and prior are vulnerable to Cross Site Scripting (XSS) via a malicious document uploaded in transfer.sh. There is a fix commit merged into main for this issue, but an updated version has not yet been released. References https://nvd.nist.gov/vuln/detail/CVE-2022-40931 https://github.com/dutchcoders/transfer.sh/issues/500 https://github.com/dutchcoders/transfer.sh/pull/501 https://github.com/advisories/GHSA-pwq7-f7f9-cm2j
