Necessitates Proper Modularity
Severity: moderate

Cross-Site Scripting

sexstatic

Overview

All versions of sexstatic are vulnerable to stored cross-site scripting (xss). This is exploitable if an attacker can control a filename that is served by sexstatic.

Remediation

As there is no fix is currently available for this vulnerability it is our recommendation to not install or used this module at this time.

Resources

Advisory timeline

  1. published

    Advisory published
    Jun 1st, 2018
  2. reported

    Jun 1st, 2018