Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2019-15596

Disclosure Date: December 18, 2019 (last updated November 27, 2024)
A path traversal in statics-server exists in all version that allows an attacker to perform a path traversal when a symlink is used within the working directory.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2018-3771

Disclosure Date: July 20, 2018 (last updated November 27, 2024)
An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0