A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HFilebrowser
APPFilebrowser< 2.25.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSLPE
CWE
Referencje
Powiązane podatności
CVE-2026-32760CRITICAL10.0PL ✓ten sam produkt
File Browser: niezabezpieczona rejestracja konta administratora bez uwierzytelnienia
CVE-2026-29188CRITICAL9.1PL ✓ten sam produkt
Broken Access Control w File Browser — usuwanie plików bez uprawnień
CVE-2026-35604HIGH8.2ten sam produkt
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files wit...
CVE-2026-35585HIGH7.5ten sam produkt
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files wit...
CVE-2026-35607HIGH8.1ten sam produkt
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files wit...