GHSA-qfh2-6f7q-gr86

Published: 01 Oct 2018
Source: github
Github: Reviewed
CVSS3: 6.1

Description

Cross-Site Scripting in sexstatic

All versions of sexstatic are vulnerable to stored cross-site scripting (XSS). This is exploitable if an attacker can control a filename that is served by sexstatic.

Recommendation

As no fix is currently available for this vulnerability, our recommendation is not to install or use this module at this time.

Packages

Name: sexstatic (npm)
Affected versions: <= 0.6.2
Fixed version: None

EPSS: 0.00449 (Low)
Percentile: 63%

CVSS3: 6.1 Medium

Weaknesses: CWE-79

Related vulnerabilities

CVSS3: 6.1
nvd
more than 7 years ago

XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s), leading to Stored XSS when a malicious file is embedded with an <iframe> element used in the directory name.
