Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/04/02 10:55 p.m.4 views

CVE-2026-34530

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...

6.9CVSS5.8AI score0.00356EPSS
Exploits1References1
NVD
NVD
added 2026/04/01 9:17 p.m.2 views

CVE-2026-34530

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...

6.9CVSS0.00356EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/04/01 8:41 p.m.2 views

CVE-2026-34530

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...

6.9CVSS5.8AI score0.00356EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2026/04/01 8:41 p.m.16 views

CVE-2026-34530

CVE-2026-34530 affects File Browser (pre-2.62.2) where the SPA index page renders admin-controlled branding fields using Go’s text/template, which is not HTML-escaped. An admin can set branding.name to a malicious payload, injecting persistent JavaScript that executes for all visitors, including ...

6.9CVSS5.8AI score0.00356EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2026/04/01 12:0 a.m.8 views

File Browser 跨站脚本漏洞

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained a cross-site scripting vulnerability. This vulnerability...

6.9CVSS5.6AI score0.00356EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/31 11:45 p.m.4 views

Cross-site Scripting (XSS)

Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the branding.name field on SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, includin...

6.9CVSS6AI score0.00356EPSS
Exploits1References2
Snyk
Snyk
added 2026/03/31 11:45 p.m.9 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the branding.name field on SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, including unauthenticated visitors, by injecting malicious payloads into t...

6.9CVSS6AI score0.00356EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/03/31 11:45 p.m.6 views

File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/03/31 11:45 p.m.1 views

GHSA-XFQJ-3VMX-63WV File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...

6.9CVSS6AI score0.00356EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2026/03/31 12:0 a.m.2 views

PT-2026-29427

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2 Description: File Browser versions prior to 2.62.2 are susceptible to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An administrator setting the branding.name field to a malicious...

6.9CVSS6AI score0.00356EPSS
Exploits1References7
Rows per page
Query Builder