Description
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Remediation
References
https://hackerone.com/reports/355458
Related Vulnerabilities
CVE-2022-40705 Vulnerability in maven package soap:soap
CVE-2022-32065 Vulnerability in maven package com.ruoyi:ruoyi
CVE-2021-41862 Vulnerability in maven package com.googlecode.aviator:aviator
CVE-2022-45392 Vulnerability in maven package io.jenkins.plugins:cavisson-ns-nd-integration
CVE-2021-23337 Vulnerability in maven package org.webjars.bower:lodash