Cross-Site Scripting in Statics-Server by Affected Vendor
CVE-2018-3771

6.1MEDIUM

Key Information:

Vendor: Hackerone
Status: Statics-server
Vendor: CVE Published:; 20 July 2018

What is CVE-2018-3771?

An XSS vulnerability exists in Statics-Server versions up to 0.0.9. This flaw allows attackers to inject malicious iframes into filename fields, which can be exploited when the directory index is displayed in a browser. This can lead to unauthorized actions and data exposure, emphasizing the need for robust security measures in web applications.

Affected Version(s)

statics-server 0.0.9

References

https://hackerone.com/reports/355458

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 20, 2018
Vulnerability Reserved
Dec 28, 2017

Hackerone

What is CVE-2018-3771?

Affected Version(s)

References

CVSS V3.1

Timeline