523 matches found
CVE-2026-34530
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...
CVE-2026-34530 File Browser is vulnerable to Stored Cross-Site Scripting via text/template branding injection
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the SPA index page in File Browser is vulnerable to Stored Cross-Site Scripting XSS via admin-controlled branding fields. An admin who...
CVE-2026-34530
CVE-2026-34530 affects File Browser (pre-2.62.2) where the SPA index page renders admin-controlled branding fields using Go’s text/template, which is not HTML-escaped. An admin can set branding.name to a malicious payload, injecting persistent JavaScript that executes for all visitors, including ...
CVE-2026-34528
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34528 File Browser's Signup Grants Execution Permissions When Default Permissions Includes Execution
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the signupHandler in File Browser applies default user permissions via d.settings.Defaults.Applyuser, then strips only Admin. The Execu...
CVE-2026-34529 File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting XSS. JavaScript embedded in a crafted EPUB file...
CVE-2026-34529
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting XSS. JavaScript embedded in a crafted EPUB file...
CVE-2026-34529
CVE-2026-34529 describes a Stored Cross-Site Scripting (XSS) flaw in File Browser’s EPUB preview prior to version 2.62.2. The root cause is the EPUB preview path (frontend/src/views/files/Preview.vue) passing allowScriptedContent to epub.js, whose iframe sandbox settings (allow-scripts with allow...
CVE-2026-34529 File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting XSS. JavaScript embedded in a crafted EPUB file...
File Browser 跨站脚本漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained a cross-site scripting vulnerability. This vulnerability...
File Browser 跨站脚本漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained a cross-site scripting vulnerability. This vulnerability...
File Browser 安全漏洞
File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained security vulnerabilities. These vulnerabilities stemmed from...
Cross-site Scripting (XSS)
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Cross-site Scripting XSS via the branding.name field on SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, includin...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the branding.name field on SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, including unauthenticated visitors, by injecting malicious payloads into t...
GHSA-XFQJ-3VMX-63WV File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection
Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...
File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection
Summary The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting XSS via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the EPUB preview function in File Browser. An attacker can execute arbitrary JavaScript in the context of the victim's browser by uploading a crafted EPUB file containing malicious scripts. This allows the...
GHSA-5VPR-4FGW-F69H File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
Summary The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting XSS. JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details frontend/src/views/files/Preview.vue passes allowScriptedContent: true to the...
File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file
Summary The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting XSS. JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details frontend/src/views/files/Preview.vue passes allowScriptedContent: true to the...