Vulnerability Details CVE-2018-3755
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 62.7%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
Products affected by CVE-2018-3755
-
cpe:2.3:a:sexstatic_project:sexstatic:0.6.0
-
cpe:2.3:a:sexstatic_project:sexstatic:0.6.2