statics-server is vulnerable to cross-site scripting (XSS). An attacker can inject malicious iframe tags via the filename parameter and execute arbitrary JavaScript code. This is due to a lack of output encoding when statics-server displays the directory index.

CPE

Name | Operator | Version
---|---|---
statics-server | le | 0.0.9
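
The missing output encoding described above, shown as an added example that is not statics-server's own code: a directory index built by plain string concatenation next to one that encodes each file name for the URL and HTML contexts. The function names and the sample file names are constructed for illustration.

```javascript
// Added example; function names are hypothetical, not statics-server's API.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML structure.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Unsafe pattern: file names are concatenated into the markup as-is,
// so a name containing a tag becomes part of the page.
function renderIndexUnsafe(names) {
  const items = names.map((n) => `<li><a href="${n}">${n}</a></li>`);
  return '<ul>' + items.join('') + '</ul>';
}

// Hardened: percent-encode the name for the link target, then HTML-escape
// both the attribute value and the visible link text.
function renderIndexSafe(names) {
  const items = names.map((n) => {
    const href = escapeHtml('./' + encodeURIComponent(n));
    return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
  });
  return '<ul>' + items.join('') + '</ul>';
}

// Constructed directory listing, including names with markup characters.
const SAMPLE_NAMES = ['report.txt', '<iframe src=x>.txt', 'a&b "q".txt'];

console.log(renderIndexSafe(SAMPLE_NAMES));
```

Serving the index with a restrictive Content-Security-Policy header limits the impact if an encoding step is ever missed, but it does not replace the encoding.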