CVE-2018-3771

Summary

An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.

Affected Software

VendorProductVersion RangeStatus
HackerOnestatics-server0.0.9affected

Weaknesses

  • CWE-79: Cross-site Scripting (XSS) - Generic (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References