Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-3755

UNKNOWN
Published 2018-06-01T17:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-3755. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

HackerOne

sexstatic

Affected Versions:

<=0.6.2

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed MODERATE

Cross-Site Scripting in sexstatic

GHSA-qfh2-6f7q-gr86

Advisory Details

All versions of `sexstatic` are vulnerable to stored cross-site scripting (xss). This is exploitable if an attacker can control a filename that is served by `sexstatic`. ## Recommendation As there is no fix is currently available for this vulnerability it is our recommendation to not install or used this module at this time.

Affected Packages

npm sexstatic
ECOSYSTEM: ≥0 ≤0.6.2

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-3755
WEB https://hackerone.com/reports/328210
ADVISORY https://github.com/advisories/GHSA-qfh2-6f7q-gr86
WEB https://www.npmjs.com/advisories/671

Advisory provided by GitHub Security Advisory Database. Published: October 1, 2018, Modified: March 1, 2023

References

https://hackerone.com/reports/328210
Published: 2018-06-01T17:00:00
Last Modified: 2024-08-05T04:50:30.615Z
Copied to clipboard!