Description
A cross-site scripting (XSS) vulnerability in statics-server <= 0.0.9 can be triggered by an iframe injected into a filename, which is rendered when statics-server displays a directory index in the browser.
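The flaw class described above, shown as an added example that is not statics-server's own code: a directory-index renderer that interpolates filenames into HTML unescaped, beside a version that HTML-escapes the link text and percent-encodes the link target. The function names, the `/files/` base path and the sample filenames are assumptions constructed for illustration.

```javascript
// Added example: hypothetical directory-index renderer, NOT statics-server code.
// Constructed sample filenames; all three are legal names on a POSIX filesystem.
const SAMPLE_FILES = [
  'readme.txt',
  '<iframe src=about:blank>.txt', // markup carried in a filename
  'a&b "q".md',                   // ampersand and quotes must survive too
];

// Map the five HTML-significant characters to entities so a name is
// treated as text in element content and in quoted attribute values.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Before: the filename is concatenated straight into the page, so any
// markup in the name becomes part of the document.
function renderIndexUnsafe(baseUrl, names) {
  return '<ul>' + names.map((n) => `<li><a href="${baseUrl}${n}">${n}</a></li>`).join('') + '</ul>';
}

// After: percent-encode the name for the URL, then HTML-escape both the
// attribute value and the visible link text.
function renderIndexSafe(baseUrl, names) {
  const base = baseUrl.endsWith('/') ? baseUrl : baseUrl + '/';
  const items = names.map((n) => {
    const href = escapeHtml(base + encodeURIComponent(n));
    return `<li><a href="${href}">${escapeHtml(n)}</a></li>`;
  });
  return '<ul>' + items.join('') + '</ul>';
}

// Audit helper: list names that would change the markup if left unescaped.
function namesNeedingEscape(names) {
  return names.filter((n) => /[&<>"']/.test(n));
}

const unsafeHtml = renderIndexUnsafe('/files/', SAMPLE_FILES);
const safeHtml = renderIndexSafe('/files/', SAMPLE_FILES);
console.log('unsafe output contains a live iframe tag:', unsafeHtml.includes('<iframe'));
console.log('safe output contains a live iframe tag:  ', safeHtml.includes('<iframe'));
console.log('names needing escape:', namesNeedingEscape(SAMPLE_FILES));
```
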
Remediation
References
https://hackerone.com/reports/355458
Related Vulnerabilities
CVE-2022-27139 Vulnerability in npm package ghost
CVE-2023-36472 Vulnerability in npm package @strapi/plugin-content-manager
CVE-2020-24025 Vulnerability in maven package org.webjars.npm:node-sass
CVE-2021-37713 Vulnerability in npm package tar
CVE-2020-19698 Vulnerability in maven package org.webjars.npm:editor.md