2 matches found
CVE-2019-15596
statics-server (npm package) is affected by a path traversal vulnerability that arises from not properly limiting access to files outside the served directory when a symlink within the working directory is used. Exploitation allows reading arbitrary files on the server by requesting the symlink t...
CVE-2018-3771
Summary: CVE-2018-3771 affects statics-server up to version 0.0.9, where directory listings are not HTML-escaped, allowing an attacker to inject an iframe via the filename and execute arbitrary JavaScript in a victim’s browser. This XSS occurs when the server displays the directory index. Impact ...