Description
statics-server <= 0.0.9 is vulnerable to cross-site scripting (XSS): an iframe injected into a filename is rendered when statics-server displays the directory index in the browser.
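The failure mode described above, as an added example (not statics-server's code and not part of the original advisory): a directory index that writes file names into HTML unescaped, next to a version that encodes them. The function names and the sample file name are assumptions constructed for illustration.

```javascript
// Added example: hypothetical directory-index renderer, not statics-server's code.

// Escape the characters that are significant in HTML text and attribute values.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[c]));
}

// Vulnerable pattern: file names are concatenated into the markup as-is,
// so a name that contains a tag becomes part of the page.
function renderIndexUnsafe(names) {
  return "<ul>" +
    names.map((n) => `<li><a href="${n}">${n}</a></li>`).join("") +
    "</ul>";
}

// Hardened pattern: percent-encode the name for the link target and
// HTML-escape it for the visible label.
function renderIndexSafe(names) {
  return "<ul>" +
    names.map((n) => {
      const href = escapeHtml(encodeURIComponent(n));
      return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
    }).join("") +
    "</ul>";
}

// Constructed sample listing; the second name carries markup.
const SAMPLE_NAMES = ["report.txt", '<iframe src="notes.html">.txt'];

console.log(renderIndexUnsafe(SAMPLE_NAMES)); // iframe tag reaches the page
console.log(renderIndexSafe(SAMPLE_NAMES));   // name is shown as inert text
```

The link target and the visible label need different encodings: percent-encoding alone does not make the label safe, and HTML-escaping alone does not produce a valid URL for names containing spaces or quotes.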
Remediation
References
https://hackerone.com/reports/355458