Cross-site Scripting
XSS in sexstatic causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.
Advisories for Npm/Sexstatic package
2018
XSS in sexstatic causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name.