277 matches found
GHSA-7XQM-7738-642X vulnerabilities
Vulnerabilities for packages: filebrowser...
CVE-2025-53893 vulnerabilities
Vulnerabilities for packages: filebrowser...
CMSimple cross-site scripting vulnerability (CNVD-2026-0082457)
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 is affected by a stored cross-site scripting (XSS) vulnerability in the Filebrowser external input field. The issue allows an attacker to inject unfiltered JavaScript that executes when a user clicks the Page or Files tabs, enabling persistent script injection. Affected product/versi...
CMSimple 跨站脚本漏洞
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...
PT-2025-52832
Name of the Vulnerable Software and Affected Versions CMSimple version 5.2 Description CMSimple 5.2 has a stored cross-site scripting issue in the Filebrowser External input field. This allows attackers to inject malicious JavaScript code. When users click on the Page or Files tabs, the injected...
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID matches the currently authenticated user's ID d.user.ID. An attacker...
CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...
CVE-2025-64523
Summary: The FileBrowser project (github.com/filebrowser/filebrowser/v2/http) has an IDOR vulnerability in the share deletion endpoint. The shareDeleteHandler deletes a share based only on the provided hash, with no check that the share’s owner matches the authenticated user (d.user.ID). This per...
CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...
FileBrowser 安全漏洞
FileBrowser is an open source web file browser from Seagate. Provides a file management interface in a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users , each user can have its own directory . It can be used as a...
EUVD-2021-24275
Malware in sbrugna...
EUVD-2013-2019
Malware in sbrugna...
EUVD-2023-43321
Malicious code in bioql PyPI...
EUVD-2022-0876
Malicious code in bioql PyPI...