GitHub Advisory Database: GHSA-JHGP-HVJ6-X2P2
Nov 06, 2018 - 11:12 p.m.

Stored Cross-Site Scripting in tianma-static

2018-11-06 23:12:01
CWE-79
GitHub Advisory Database
github.com
CVSS2: 4.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3: 6.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS: 0.001
Percentile: 42.6%

All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static.

Recommendation

As no fix is available for this vulnerability at this time, we recommend using another static file server.

Affected configurations

Vulners
Node: tianma-static_project, tianma-static, Range 1.0.4, node.js

Vendor: tianma-static_project
Product: tianma-static
Version: *
CPE: cpe:2.3:a:tianma-static_project:tianma-static:*:*:*:*:*:node.js:*:*
