Narnia's Poofy Meatcleaver
Severity: critical

Stored Cross-Site Scripting

tianma-static

Overview

All versions of tianma-static are vulnerable to stored cross-site scripting (XSS). The vulnerability is exploitable if a user can control the name of a file that is served by tianma-static

Remediation

As no fix is available for this vulnerability at this time it is our recommendation to use another static file server.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. Created

    2018-11-29T02:39:41.230Z
  2. Updated

    2018-12-07T15:55:06.954Z