Description
statics-server <= 0.0.9 is vulnerable to cross-site scripting (XSS) through file names: when statics-server displays a directory index in the browser, an iframe injected into a file name is rendered as part of the page.
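The pattern behind this class of bug, as an added example that is not statics-server's code and not taken from the referenced report: a hypothetical directory-index renderer that concatenates file names into HTML, next to a version that encodes them for each output context. All function names and the sample file names are constructed for illustration.

```javascript
// Added example: hypothetical index renderers, not statics-server's own code.

// HTML-escape a string for element text and quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: file names go into the markup as-is, so a name that
// contains a tag becomes a live element in the directory listing.
function renderIndexUnsafe(dir, names) {
  const items = names.map((n) => `<li><a href="${n}">${n}</a></li>`);
  return `<h1>Index of ${dir}</h1><ul>${items.join('')}</ul>`;
}

// Hardened pattern: two output contexts, two encodings.
//  - link target: percent-encode the name as one path segment
//  - visible text: HTML-escape the name
function renderIndexSafe(dir, names) {
  const items = names.map((n) => {
    const href = escapeHtml(encodeURIComponent(n));
    return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
  });
  return `<h1>Index of ${escapeHtml(dir)}</h1><ul>${items.join('')}</ul>`;
}

// Regression check: does the rendered listing contain a live <tag ...> element?
function containsElement(html, tag) {
  return new RegExp('<' + tag + '[\\s>]', 'i').test(html);
}

// Constructed sample directory listing (not from the report).
const SAMPLE_NAMES = ['report.pdf', '<iframe src="about:blank">.txt', 'a&b.txt'];

console.log('unsafe listing has iframe element:',
  containsElement(renderIndexUnsafe('/', SAMPLE_NAMES), 'iframe'));
console.log('safe listing has iframe element:',
  containsElement(renderIndexSafe('/', SAMPLE_NAMES), 'iframe'));
```

The `containsElement` check can be kept as a regression test for any code that builds a listing from file names an uploader or another user controls.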
Remediation
References
https://hackerone.com/reports/355458