Description
A cross-site scripting (XSS) vulnerability in statics-server <= 0.0.9 can be triggered by an iframe injected into a filename when statics-server displays the directory index in the browser.
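This class of bug arises when a directory index writes filenames into HTML without escaping them. The following added example is not statics-server's code and is not taken from the report; the function names and sample filenames are constructed assumptions. It contrasts the unescaped pattern with a listing that percent-encodes the link target and HTML-escapes the link text.

```javascript
// Added example: all names here are hypothetical, not statics-server code.

// Escape the five characters that are significant in HTML text and attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: the filename is concatenated into markup unchanged,
// so any tag it contains becomes part of the page.
function renderIndexUnsafe(dirUrl, names) {
  const items = names.map((n) => `<li><a href="${dirUrl}${n}">${n}</a></li>`);
  return `<ul>${items.join('')}</ul>`;
}

// Hardened pattern: percent-encode the name for the URL path segment and
// HTML-escape it for the link text.
function renderIndexSafe(dirUrl, names) {
  const items = names.map((n) => {
    const href = escapeHtml(dirUrl + encodeURIComponent(n));
    return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
  });
  return `<ul>${items.join('')}</ul>`;
}

// Constructed sample directory contents (not taken from the report).
const SAMPLE_NAMES = ['readme.txt', '<iframe src=about:blank>.txt', 'a&b "c".log'];

// Count opening tags of a given name in rendered output; useful as a regression check.
function countTag(html, tag) {
  return (html.match(new RegExp(`<${tag}\\b`, 'gi')) || []).length;
}

console.log('unsafe iframes:', countTag(renderIndexUnsafe('/files/', SAMPLE_NAMES), 'iframe'));
console.log('safe iframes:  ', countTag(renderIndexSafe('/files/', SAMPLE_NAMES), 'iframe'));
console.log(renderIndexSafe('/files/', SAMPLE_NAMES));
```

A check like `countTag` over the rendered index of a directory containing such filenames works as a regression test for any static file server's listing page.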
Remediation
References
https://hackerone.com/reports/355458