All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static
As no fix is available for this vulnerability at this time it is our recommendation to use another static file server.
{
"nvd_published_at": null,
"severity": "MODERATE",
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:43:28Z"
}