EUVD-2025-30900

Malicious code in bioql PyPI...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the FileBrowser module. An attacker can execute arbitrary JavaScript in the context of a user's brows...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-59548

DNN (DotNetNuke) is vulnerable to Reflected XSS in the CKEditor/FileBrowser prior to version 10.1.0. Specially crafted URLs to the FileBrowser could cause javascript injection when users click the link. The issue has been addressed in version 10.1.0 (patched). Affected software: DNN platform; vul...

CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

PT-2025-39200

Name of the Vulnerable Software and Affected Versions DNN formerly DotNetNuke versions prior to 10.1.0 Description DNN formerly DotNetNuke is an open-source web content management platform. Versions prior to 10.1.0 have a javascript injection issue related to specially crafted URLs to the...

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

CVE-2024-35203

Mahara before 22.10.6, 23.04.6, and 24.04.1 allows cross-site scripting XSS via a file, with JavaScript code as part of its name, that is uploaded via the Mahara filebrowser system...

Unspecified Vulnerability in FileBrowser

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a security vulnerability that stems from a flaw in the authentication system that can be exploit...

FileBrowser Denial of Service Vulnerability

FileBrowser is an open source web file browser . Provides a file management interface in a specified directory , can be used to upload , delete , preview , rename and edit your files . FileBrowser has a denial of service vulnerability , the vulnerability stems from a flaw in the file handling log...

Insufficient Session Expiration

Overview Affected versions of this package are vulnerable to Insufficient Session Expiration due to improper handling of JWT tokens in the session process. An attacker can maintain unauthorized access to a user session by reusing a previously valid JWT token after the user has logged out...

GO-2025-3786 filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser

filebrowser Allows Shell Commands to Spawn Other Commands in github.com/filebrowser/filebrowser...

GO-2025-3784 filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser

filebrowser allows Stored Cross-Site Scripting through the Markdown preview function in github.com/filebrowser/filebrowser...

GO-2025-3785 filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser

filebrowser Sets Insecure File Permissions in github.com/filebrowser/filebrowser...

Denial Of Service (DoS)

github.com/filebrowser/filebrowser is vulnerable to Denial of Service DoS. The vulnerability is due to the server loading entire file content into memory without size checks during read operations on the /files/file-name endpoint, which allows an attacker to upload a large file and trigger...

CVE-2025-53826

creationtimestamp| type| source ---|---|--- 2025-07-15 17:26:25+00:00| published-proof-of-concept| https://github.com/filebrowser/filebrowser/security/advisories/GHSA-7xwp-2cpp-p8r7...