GHSA-qfh2-6f7q-gr86

Source
https://github.com/advisories/GHSA-qfh2-6f7q-gr86
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-qfh2-6f7q-gr86/GHSA-qfh2-6f7q-gr86.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-qfh2-6f7q-gr86
Aliases
  • CVE-2018-3755
Published
2018-10-01T16:30:38Z
Modified
2023-11-08T04:00:19.145856Z
Severity
  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-Site Scripting in sexstatic
Details

All versions of sexstatic are vulnerable to stored cross-site scripting (XSS). This is exploitable if an attacker can control a filename that is served by sexstatic.

Recommendation

As no fix is currently available for this vulnerability, our recommendation is to not install or use this module at this time.

Database specific
{
    "cwe_ids": [
        "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:51:42Z",
    "nvd_published_at": "2018-06-01T17:29:00Z",
    "severity": "MODERATE"
}

Affected packages

npm / sexstatic

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.6.2

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/10/GHSA-qfh2-6f7q-gr86/GHSA-qfh2-6f7q-gr86.json"