EPSS
Percentile
38.0%
sexstatic is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists due to the lack of sanitization in user input of pathname in showdir.js, allowing arbitrary javascript code to be executed when rendered.
pathname
showdir.js
hackerone.com/bl4de
hackerone.com/reports/328210