3 matches found
CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server
Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...
CVE-2024-32966 Stored Cross-site Scripting in directory listings via file names in static-web-server
Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...
CVE-2024-32966
The CVE-2024-32966 issue affects Static Web Server (SWS) when directory listings are enabled and a user with upload rights can name files. The directory listing code embeds file/directory names directly into HTML without escaping, enabling stored XSS via malicious file names (e.g., .txt). This ca...