CVE-2018-3755 - AskarLabs CVE Database

CVE-2018-3755

Vendor Hackerone

Product sexstatic

Weakness CWE-79 · XSS

Published June 1, 2018

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.

Key dates

02Disclosure timeline

June 1, 2018 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-3755 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-1008 Recently Purchased Products For Woo <= 1.1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via view Parameter CVE-2025-34032 Moodle LMS Jmol Plugin Cross-site Scripting (XSS) CVE-2023-2498 Go Pricing - WordPress Responsive Pricing Tables <= 3.3.19 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2023-25491 WordPress JCH Optimize Plugin <= 3.2.2 is vulnerable to Cross Site Scripting (XSS) CVE-2024-0612 Content Views <= 3.6.2 - Authenticated(Administrator+) Stored Cross-Site Scripting via settings