14 matches found
EUVD-2018-0662
Malware in sbrugna...
Cross-Site Scripting in sexstatic
All versions of sexstatic are vulnerable to stored cross-site scripting (XSS). This is exploitable if an attacker can control a filename that is served by sexstatic. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to not install or use this...
dave-sitegen (>=2.3.0 <=2.16.1), localdiff (=0.1.1) +3 more potentially affected by CVE-2018-3755 via sexstatic (=0.6.2)
sexstatic NPM version =0.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on sexstatic and may be impacted: - dave-sitegen =2.3.0, =2.2.5, =0.7.4, =0.8.1, =0.9.0 Source cves: CVE-2018-3755 Source advisory: OSV:GHSA-QFH2-6F7Q-GR86...
GHSA-QFH2-6F7Q-GR86 Cross-Site Scripting in sexstatic
All versions of sexstatic are vulnerable to stored cross-site scripting (XSS). This is exploitable if an attacker can control a filename that is served by sexstatic. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to not install or use this...
sexstatic cross-site scripting vulnerability
sexstatic is a static file server. A cross-site scripting vulnerability exists in sexstatic 0.6.2 and earlier versions. A remote attacker can exploit this vulnerability to execute arbitrary JavaScript code on a browser...
Cross-Site Scripting
Overview: All versions of sexstatic are vulnerable to stored cross-site scripting (XSS). This is exploitable if an attacker can control a filename that is served by sexstatic. Recommendation: As no fix is currently available for this vulnerability, it is our recommendation to not install or...
CVE-2018-3755
XSS in sexstatic element used in directory name...
Design/Logic Flaw
XSS in sexstatic element used in directory name...
CVE-2018-3755
XSS in sexstatic element used in directory name...
CVE-2018-3755
Summary (CVE-2018-3755): The vulnerability affects the static file server module sexstatic (versions ≤ 0.6.2). The affected component is the directory listing code in showdir.js, where the directory name (pathname) is used in HTML output without sanitization, enabling a stored XSS if an attacker prov...
CVE-2018-3755
XSS in sexstatic element used in directory name...
PT-2018-16176 · Sexstatic · Sexstatic
Name of the Vulnerable Software and Affected Versions: sexstatic versions 0.6.2 and earlier; sexstatic all versions. Description: The issue allows for stored cross-site scripting (XSS) if an attacker can control a filename served by the software. This can lead to HTML injection in directory names,...
Cross-site Scripting (XSS)
sexstatic is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization of the user-supplied pathname in showdir.js, allowing arbitrary JavaScript code to be executed when rendered...
Node.js third-party modules: [sexstatic] HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name
I would like to report an HTML Injection vulnerability in the sexstatic module. It is possible to use HTML in directory names, which might lead to running arbitrary JavaScript code in the browser. Module module name: sexstatic version: 0.6.2 npm page: https://www.npmjs.com/package/sexstatic Module Descripti...