PT-2018-16176 · Sexstatic · Sexstatic

Bl4De +1 · Published 2018-06-01 · Updated 2023-02-28 · CVE-2018-3755

CVSS v3.1: 6.1 Medium
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

sexstatic versions 0.6.2 and earlier
sexstatic (all versions)

Description

The issue allows stored cross-site scripting (XSS) if an attacker can control a filename served by the software. Directory names are subject to HTML injection, which results in stored XSS when a malicious file is embedded through an iframe element placed in the directory name.

Recommendations

For sexstatic versions 0.6.2 and earlier, there is no information about a newer version that contains a fix for this issue. For sexstatic (all versions), do not install or use this module at this time, as there is currently no fix available for this issue.
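
HTML injection through names shown in a directory listing, as in the Description, is prevented by output-encoding every name before it reaches the page. The code below is an added example, not sexstatic's code and not a patch from this advisory; the function names and sample entries are constructed for illustration.

```javascript
// Added example: directory-index rendering for a static file server.
// All names and sample data here are hypothetical, not taken from sexstatic.

// Escape the five characters that are significant in HTML text and in
// quoted attribute values.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Weak pattern: names from the filesystem are concatenated into markup
// unchanged, so markup inside a name becomes live HTML for every visitor.
function renderListingUnsafe(entries) {
  const rows = entries.map((name) => `<li><a href="${name}">${name}</a></li>`);
  return `<ul>\n${rows.join('\n')}\n</ul>`;
}

// Hardened form: percent-encode the name as one URL path segment, then
// HTML-escape both the attribute value and the visible label.
function renderListingSafe(entries) {
  const rows = entries.map((name) => {
    const href = escapeHtml('./' + encodeURIComponent(name));
    return `<li><a href="${href}">${escapeHtml(name)}</a></li>`;
  });
  return `<ul>\n${rows.join('\n')}\n</ul>`;
}

// Constructed directory entries; the second name carries an iframe element.
const sampleEntries = ['docs', '"><iframe src="x.html"></iframe>', 'a&b.txt'];

// Regression check: true when the page holds any tag other than the
// ul/li/a elements the listing template itself emits.
function containsInjectedTag(html) {
  const stripped = html.replace(/<\/?(ul|li|a)(\s[^<>]*)?>/g, '');
  return /<[a-z!\/]/i.test(stripped);
}
```

Running `containsInjectedTag` over rendered listings in a test suite catches a template change that reintroduces unescaped names.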

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-3755
GHSA-QFH2-6F7Q-GR86

Affected Products

Sexstatic