SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2018-3755

XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with element used in directory name.</p><a id='hideExpand' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px'><u>CVSS Score and Metrics </u>+</b></a><a id='hideCollapse' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px'><u>CVSS Score and Metrics </u>-</b></a><p></p><table id='hideTable' cellspacing='3' cellpadding='0' border='0' align='left' style='color:#08549C;'><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V3 Severity:</b></td><td colspan = '2' width='320px' align = 'left' valign = 'top'><b style='font-size:13px'>CVSS V2 Severity:</b></td></tr><tr><td colspan='2' width='440px'>CVSS Score : 6.1</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>CVSS Score : 4.3</td></tr><tr><td colspan='2' width='440px'>Exploit Score: 2.8</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Exploit Score: 8.6</td></tr><tr><td colspan='2' width='440px'>Impact Score: 2.7</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Impact Score: 2.9</td></tr><tr><td> </td></tr><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V3 Metrics:</b></td><td colspan = '2' width='320px' align = 'left' valign = 'top'><b style='font-size:13px'>CVSS V2 Metrics:</b></td></tr><tr><td colspan='2' width='440px'>Attack Vector: NETWORK</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Access Vector: NETWORK</td></tr><tr><td colspan='2' width='440px'>Attack Complexity: LOW</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Access Complexity: MEDIUM</td></tr><tr><td colspan='2' width='440px'>Privileges Required: NONE</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Authentication: NONE</td></tr><tr><td colspan='2' width='440px'>User Interaction: REQUIRED</td><td colspan='2' width='320px' align= 'left' valign = 'top'>Confidentiality: NONE</td></tr><tr><td colspan='2' width='440px'>Scope: CHANGED</td><td colspan='2' width='320px' align = 'left' valign = 'top'>Integrity: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Confidentiality: LOW</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Availability: NONE</td></tr><tr><td colspan='2' width='440px'>Integrity: LOW</td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr><tr><td colspan='2' width='440px'>Availability: NONE</td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr><tr><td colspan='2' width='440px'> </td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr></table><table cellspacing='0' border='0' style='color:#08549C'><tr><td width='640px' valign='top'><b style='font-size:13px'>Reference:</b> </td></tr><tr> <td><a href="javascript: openReference('https://hackerone.com/reports/328210')">https://hackerone.com/reports/328210</a></td> </tr></table></br> </div> </td> </tr> </table> </div> <a href="control.jsp?command=relation&relationId=79&search=79" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub1')" onmouseOut="showIdsMouseOut('sub1')"> <div class='relation-div-small' id='sub1' style='left:45%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>CWE</b> </font> <font color="#08549C" size=3> <b>   1</b> </font> </td> </tr> </table> <div id="idDiv1" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> CWE-79<br/> </font> </div> </div> </a> <input id="idDivHidden1" name="idDivHidden1" type="hidden" value="CWE-79"> <div style="position:absolute;top:620px;left:540px;clear:both;"> <script> function footer(page){ window.open(page); } </script> <script src="/JavaScriptServlet" type="text/javascript"></script> <p style="clear:both;text-align:center;"> <center><p>© <script>document.write(new Date().getFullYear())</script> SecPod Technologies</p></center> </p> </div> </div> </body> </html>


30480



423868



252212



909



196748



282