2 matches found
CVE-2018-3771
An XSS in statics-server = 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser...
CVE-2018-3771
Summary: CVE-2018-3771 affects statics-server up to version 0.0.9, where directory listings are not HTML-escaped, allowing an attacker to inject an iframe via the filename and execute arbitrary JavaScript in a victim’s browser. This XSS occurs when the server displays the directory index. Impact ...