2018-06-01 17:00:00
hackerone
PUBLISHED
XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with element used in directory name.</p> </div> </div> </div> </div> </div> </div> </div> <footer> <div class="container py-4 py-lg-10"> <hr> <div class="text-muted d-flex justify-content-between align-items-center pt-3" style="text-align: center;"> <p class="mb-10"><center>Copyright © 2026 eXtreme Hosting</center></p> <p class="mb-10"><center><a href="/gdpr/">Privacy Policy GDPR/AVG</a> | <a href="/algemene-voorwaarden/">Algemene voorwaarden</a></center></p> </div> </div> </footer> <script src="/template/assets/bootstrap/js/bootstrap.min.js"></script> <script src="/template/assets/js/startup-modern.js"></script> </body> </html><img style="display: none;" src="https://telemetry.extremehosting.nl/Analy/?api=0C44A78F-C43E-4700-990A-0F40CE4B4A51&dtt=1746954019&urr=https://extremehosting.nl/cve/cve-details/CVE-2018-3755" />