All versions of tianma-static
are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static
As no fix is available for this vulnerability at this time it is our recommendation to use another static file server.