CVE-2022-50891
Owlfiles File Manager 12.0.1 is affected by a cross-site scripting vulnerability in the HTTP server’s path parameter used by download/list endpoints. The issue lets attackers craft URLs with embedded script tags to execute arbitrary JavaScript in users’ browsers. Red Hat and other sources confirm...
CVE-2022-50891 Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary...
CVE-2022-50890
The CVE-2022-50890 entry affects Owlfiles File Manager 12.0.1, describing a path traversal vulnerability in the built-in HTTP server that lets an attacker access restricted system directories by crafting GET requests with directory traversal sequences. The impact is access to system directories; ...
CVE-2022-50890 Owlfiles File Manager 12.0.1 - Path Traversal
Owlfiles File Manager 12.0.1 contains a path traversal vulnerability in its built-in HTTP server that allows attackers to access system directories. Attackers can exploit the vulnerability by crafting GET requests with directory traversal sequences to access restricted system directories on the...
PT-2026-2366
Name of the Vulnerable Software and Affected Versions: Owlfiles File Manager version 12.0.1. Description: Owlfiles File Manager version 12.0.1 contains a path traversal issue in its built-in HTTP server. This allows attackers to access system directories by crafting GET requests with directory...
PT-2026-2367
Name of the Vulnerable Software and Affected Versions: Owlfiles File Manager version 12.0.1. Description: Owlfiles File Manager contains a cross-site scripting issue that enables attackers to inject malicious scripts. This is achieved by exploiting the path parameter within HTTP server endpoints,...
CVE-2026-22804
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...
CVE-2026-22804 Termix has a Stored XSS in File Manager leading to Local File Inclusion (LFI) in Electron and Session Hijacking in Browser
Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. From 1.7.0 to 1.9.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Termix File Manager component. The application fails to sanitize SVG file content before rendering it. Thi...
CVE-2026-22804
CVE-2026-22804 affects Termix versions 1.7.0–1.9.0, where the File Viewer component in the File Manager (src/ui/desktop/apps/file-manager/components/FileViewer.tsx) fails to sanitize SVG content, allowing a stored XSS that can execute arbitrary JavaScript in the app context. If exploited, this ca...
PT-2026-2313
Name of the Vulnerable Software and Affected Versions: Termix versions 1.7.0 through 1.9.0. Description: Termix is a web-based server management platform offering SSH terminal, tunneling, and file editing features. A Stored Cross-Site Scripting (XSS) issue exists in the Termix File Manager component d...
CVE-2023-4861
The File Manager Pro WordPress plugin before 1.8.1 allows admin users to upload arbitrary files, even in environments where such a user should not be able to gain full control of the server, such as a multisite installation. This leads to remote code execution...
CVE-2023-4827
The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the fsconnector AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell...
CVE-2023-40985
An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file ...
CVE-2018-18823
WolfCMS 0.8.3.1 allows XSS via an SVG file to /?/admin/plugin/filemanager/browse/...
CVE-2025-14804
The Frontend File Manager Plugin WordPress plugin before 23.5 did not validate a path parameter and ownership of the file, allowing any authenticated user, such as a subscriber, to delete arbitrary files on the server...
CVE-2022-38296
Cuppa CMS v1.0 was discovered to contain an arbitrary file upload vulnerability via the File Manager...