CVE-2018-3771

CVE-2018-3771

Vendor Hackerone

Product statics-server

Weakness CWE-79 · XSS

Published July 20, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

An XSS in statics-server <= 0.0.9 can be used via injected iframe in the filename when statics-server displays directory index in the browser.

Key dates

02Disclosure timeline

July 20, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-3771 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-51868 WordPress DuoGeek Blocks plugin <= 0.1.1 - Cross Site Scripting (XSS) vulnerability CVE-2026-40112 PraisonAI has Stored XSS via Unsanitized Agent Output in HTML Rendering (nh3 Not a Required Dependency) CVE-2023-48746 WordPress Community by PeepSo Plugin <= 6.2.6.0 is vulnerable to Cross Site Scripting (XSS) CVE-2022-0678 Cross-site Scripting (XSS) - Reflected in microweber/microweber CVE-2023-49827 WordPress Soledad Theme <= 8.4.1 is vulnerable to Cross Site Scripting (XSS)