513 matches found

CNNVD
added 2026/04/01 12:0 a.m., 5 views

File Browser Cross-Site Scripting Vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained a cross-site scripting vulnerability. This vulnerability...

CVSS 6.9, AI score 5.6, EPSS 0.00035
Exploits: 1, References: 2
CNNVD
added 2026/04/01 12:0 a.m., 1 view

File Browser Security Vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained security vulnerabilities. These vulnerabilities stemmed from...

CVSS 9.8, AI score 6.2, EPSS 0.00089
Exploits: 1, References: 2
CNNVD
added 2026/04/01 12:0 a.m., 2 views

File Browser Cross-Site Scripting Vulnerability

File Browser is an open-source file management interface developed by File Browser. It allows for the uploading, deletion, previewing, and editing of files within a specified directory. Versions of File Browser prior to 2.62.2 contained a cross-site scripting vulnerability. This vulnerability...

CVSS 9, AI score 5.7, EPSS 0.00047
Exploits: 1, References: 2
Snyk
added 2026/03/31 11:45 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branding.name field on the SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, including unauthenticated visitors, by injecting malicious payloads into t...

CVSS 6.9, AI score 6, EPSS 0.00035
Exploits: 1, References: 2
GitHub Security Blog
added 2026/03/31 11:45 p.m., 3 views

File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary: The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting (XSS) via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details: ...

CVSS 6.9, AI score 6, EPSS 0.00035
Exploits: 1, References: 4, Affected Software: 1
OSV
added 2026/03/31 11:45 p.m., 1 view

GHSA-XFQJ-3VMX-63WV File Browser vulnerable to Stored Cross-site Scripting via text/template branding injection

Summary: The SPA index page in File Browser is vulnerable to Stored Cross-site Scripting (XSS) via admin-controlled branding fields. An admin who sets branding.name to a malicious payload injects persistent JavaScript that executes for ALL visitors, including unauthenticated users. Details: ...

CVSS 6.9, AI score 6, EPSS 0.00035
Exploits: 1, References: 4
Snyk
added 2026/03/31 11:45 p.m., 3 views

Cross-site Scripting (XSS)

Overview: github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the branding.name field on the SPA index page in File Browser. An attacker can execute arbitrary JavaScript in the context of all users, includin...

CVSS 6.9, AI score 6, EPSS 0.00035
Exploits: 1, References: 2
Snyk
added 2026/03/31 11:44 p.m., 3 views

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the EPUB preview function in File Browser. An attacker can execute arbitrary JavaScript in the context of the victim's browser by uploading a crafted EPUB file containing malicious scripts. This allows the...

CVSS 9, AI score 5.8, EPSS 0.00047
Exploits: 1, References: 2
OSV
added 2026/03/31 11:44 p.m., 2 views

GHSA-5VPR-4FGW-F69H File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

Summary: The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details: frontend/src/views/files/Preview.vue passes allowScriptedContent: true to the...

CVSS 7.6, AI score 6.2, EPSS 0.00047
Exploits: 1, References: 4
GitHub Security Blog
added 2026/03/31 11:44 p.m., 6 views

File Browser is vulnerable to Stored Cross-site Scripting via crafted EPUB file

Summary: The EPUB preview function in File Browser is vulnerable to Stored Cross-site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. Details: frontend/src/views/files/Preview.vue passes allowScriptedContent: true to the...

CVSS 9, AI score 6.2, EPSS 0.00047
Exploits: 1, References: 4, Affected Software: 1
Positive Technologies
added 2026/03/31 12:0 a.m., 4 views

PT-2026-29426

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.62.2. Description: File Browser's EPUB preview function is susceptible to Stored Cross-Site Scripting (XSS). A crafted EPUB file containing JavaScript can execute in a victim's browser when the file is previewed. T...

CVSS 7.6, AI score 5.9, EPSS 0.00047
Exploits: 1, References: 6
Circl
added 2026/03/28 7:3 p.m., 3 views

CVE-2026-34530

creationtimestamp | type | source
---|---|---
2026-03-28 19:03:19+00:00 | published-proof-of-concept | https://github.com/filebrowser/filebrowser/security/advisories/GHSA-xfqj-3vmx-63wv
2026-03-28 19:03:19+00:00 | published-proof-of-concept | ...

CVSS 6.9, AI score 5.8, EPSS 0.00035
Exploits: 1, References: 1
SUSE CVE
added 2026/03/28 12:26 a.m., 1 view

SUSE CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5, AI score 5.7, EPSS 0.00019
Exploits: 0, References: 3
OSV
added 2026/03/26 8:32 p.m., 1 view

GO-2026-4713 File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser

File Browser TUS Negative Upload-Length Fires Post-Upload Hooks Prematurely in github.com/filebrowser/filebrowser...

CVSS 8.1, AI score 5.9, EPSS 0.00148
Exploits: 1, References: 3
OSV
added 2026/03/26 8:32 p.m., 1 view

GO-2026-4710 File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser

File Browser Signup Grants Admin When Default Permissions Include Admin in github.com/filebrowser/filebrowser...

CVSS 10, AI score 5.9, EPSS 0.00026
Exploits: 1, References: 4
OSV
added 2026/03/26 8:32 p.m., 1 view

GO-2026-4711 File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser

File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter in github.com/filebrowser/filebrowser...

CVSS 6.5, AI score 5.9, EPSS 0.00019
Exploits: 0, References: 4
RedhatCVE
added 2026/03/26 3:11 p.m., 2 views

CVE-2026-32758

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.2 and below are vulnerable to Path Traversal through the resourcePatchHandler (http/resource.go). The destination path in resourcePatchHandler is...

CVSS 6.5, AI score 5.7, EPSS 0.00019
Exploits: 0, References: 1
RedhatCVE
added 2026/03/26 3:11 p.m., 2 views

CVE-2026-32761

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Versions 2.61.0 and below contain a permission enforcement bypass which allows users who are denied download privileges (perm.download = false) but granted share...

CVSS 6.5, AI score 5.7, EPSS 0.00014
Exploits: 1, References: 1
RedhatCVE
added 2026/03/26 3:2 p.m., 4 views

CVE-2026-32760

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions 2.61.2 and below, any unauthenticated visitor can register a full administrator account when self-registration (signup = true) is enabled and the...

CVSS 10, AI score 5.8, EPSS 0.00026
Exploits: 1, References: 1
SUSE CVE
added 2026/03/25 12:26 a.m., 1 view

SUSE CVE-2026-28492

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to version 2.61.0, when a user creates a public share link for a directory, the withHashFile middleware in http/public.go uses...

CVSS 7.1, AI score 5.7, EPSS 0.00048
Exploits: 1, References: 3