CVE-2024-32966
MEDIUM5.8EPSS 0.05%static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Description
### Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like `<img src=x onerror=alert(1)>.txt` will allow JavaScript code execution in the context of the web server’s domain. ### Details SWS generally does not perform escaping of HTML entities on any values inserted in the directory listing. At the very least `file_name` and `current_path` could contain malicious data however. `file_uri` could also be malicious but the relevant scenarios seem to be all caught by hyper. ### Impact For any web server that allow users to upload files or create directories under a name of their choosing this becomes a stored XSS vulnerability.
Affected packages (1)
- crates.io/static-web-serverfrom 0, < 2.30.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.8 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L |