Описание
Stored Cross-Site Scripting in tianma-static
All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static
Recommendation
As no fix is available for this vulnerability at this time it is our recommendation to use another static file server.
Пакеты
Наименование
tianma-static
npm
Затронутые версииВерсия исправления
<= 1.0.4
Отсутствует
Связанные уязвимости
CVSS3: 6.1
nvd
больше 7 лет назад
A stored xss in tianma-static module versions <=1.0.4 allows an attacker to execute arbitrary javascript.