CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile: 87.1%
Matthias Bussonnier reports:
Summary: Local folder name was used in HTML templates without
escaping, allowing XSS in said pages by carefully crafting folder
name and URL to access it.
URI with issues:
GET /tree/**
Benjamin RK reports:
Vulnerability: A maliciously forged file opened for editing can
execute JavaScript, specifically by being redirected to /files/ due
to a failure to treat the file as plain text.
URI with issues:
GET /edit/**