523 matches found

Cvelist
added 2026/01/28 12:29 p.m., 33 views

CVE-2020-36988 PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

CVSS 5.4 | EPSS 0.00207
Exploits: 0 | References: 3
CVE
added 2026/01/28 12:29 p.m., 11 views

CVE-2020-36988

PDW File Browser

CVSS 5.4 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 3
Positive Technologies
added 2026/01/28 12:0 a.m., 6 views

PT-2026-5114

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary...

CVSS 5.4 | AI score 6 | EPSS 0.00207
Exploits: 0 | References: 4
CNNVD
added 2026/01/28 12:0 a.m., 5 views

PDW-File-Browser security vulnerability

PDW-File-Browser is a file browser developed by Michal Charemza. Version 1.3 of PDW-File-Browser has a security vulnerability; this vulnerability stems from the ability to upload and rename webshell files, which may lead to remote code execution...

CVSS 8.7 | AI score 6.1 | EPSS 0.00425
Exploits: 0 | References: 3
GithubExploit
added 2026/01/26 1:13 p.m., 158 views

Exploit for Cross-site Scripting in Iptanus Wordpress_File_Upload

CVE-2024-6651 POC XSS - CVE-2024-6651 PoC funcional para l...

CVSS 6.1 | AI score 5.9 | EPSS 0.15811
Exploits: 2
EUVD
added 2026/01/21 1:2 a.m., 5 views

EUVD-2026-3287

File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login...

CVSS 5.3 | AI score 5.3 | EPSS 0.00417
Exploits: 1 | References: 3
Cvelist
added 2026/01/19 8:37 p.m., 16 views

CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

CVSS 5.3 | EPSS 0.00417
Exploits: 1 | References: 2
Vulnrichment
added 2026/01/19 8:37 p.m., 2 views

CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

CVSS 5.3 | AI score 5.7 | EPSS 0.00417
Exploits: 1 | References: 2
ATTACKERKB
added 2026/01/19 8:37 p.m., 6 views

CVE-2026-23849

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

CVSS 5.3 | AI score 5.8 | EPSS 0.00417
Exploits: 1 | References: 3 | Affected Software: 1
OSV
added 2026/01/19 8:37 p.m., 6 views

CVE-2026-23849 File Browser vulnerable to Username Enumeration via Timing Attack in /api/login

File Browser provides a file managing interface within a specified directory and can be used to upload, delete, preview, rename, and edit files. Prior to version 2.55.0, the JSONAuth.Auth function contains a logic flaw that allows unauthenticated attackers to enumerate valid usernames by measuri...

CVSS 5.3 | AI score 5.7 | EPSS 0.00417
Exploits: 1 | References: 4
CVE
added 2026/01/19 8:37 p.m., 46 views

CVE-2026-23849

CVE-2026-23849 – File Browser (github.com/filebrowser/filebrowser) shows a timing-based username enumeration flaw in the /api/login flow. The JSONAuth.Auth logic short-circuits when a user is not found, returning quickly, while a valid user triggers bcrypt password verification (users.CheckPwd) w...

CVSS 5.3 | AI score 5.7 | EPSS 0.00417
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2026/01/19 12:0 a.m., 3 views

PT-2026-3502

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.55.0. Description: File Browser provides a file managing interface for tasks like uploading, deleting, and editing files. A flaw in the JSONAuth.Auth function allows unauthenticated attackers to identify valid...

CVSS 5.3 | AI score 5.3 | EPSS 0.00417
Exploits: 1 | References: 11
RedhatCVE
added 2026/01/09 10:24 a.m., 5 views

CVE-2008-6342

Unspecified vulnerability in the TYPO3 Simple File Browser simplefilebrowser extension 1.0.2 and earlier allows remote attackers to obtain sensitive information via unknown attack vectors...

CVSS 5 | AI score 6.6 | EPSS 0.01205
Exploits: 0 | References: 1
GithubExploit
added 2025/12/30 3:58 p.m., 176 views

CVEhunter-Tools

CVEhunter: Integrated AI-Assisted Code Auditing Toolkit Windo...

AI score 5.8
Exploits: 0
OSV
added 2025/11/17 7:11 p.m., 5 views

GO-2025-4118 File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency in github.com/filebrowser/filebrowser...

CVSS 9.1 | AI score 6.9 | EPSS 0.00682
Exploits: 0 | References: 2
OSV
added 2025/11/17 7:11 p.m., 5 views

GO-2025-4117 File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser

File Browser is Vulnerable to Insecure Direct Object Reference (IDOR) in Share Deletion Function in github.com/filebrowser/filebrowser...

CVSS 8.8 | AI score 6.6 | EPSS 0.00376
Exploits: 1 | References: 3
RedhatCVE
added 2025/11/13 11:8 p.m., 3 views

CVE-2025-64523

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference (IDOR) vulnerability in the FileBrowser application's share deletion functionality. Th...

CVSS 7.2 | AI score 6.6 | EPSS 0.00376
Exploits: 1 | References: 1
EUVD
added 2025/11/13 10:36 p.m., 2 views

EUVD-2025-180210

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency...

CVSS 9.1 | AI score 6.5 | EPSS 0.00682
Exploits: 0 | References: 3
Github Security Blog
added 2025/11/13 10:36 p.m., 25 views

File Browser has risk of HTTP Request/Response smuggling through vulnerable dependency

The standard library net/http package dependency used by File Browser improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. It can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a...

CVSS 9.1 | AI score 7 | EPSS 0.00682
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2025/11/13 10:34 p.m., 4 views

Improper Authorization

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID...

CVSS 8.8 | AI score 6.8 | EPSS 0.00376
Exploits: 1 | References: 2