CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CVE-2021-47732 CMSimple 5.2 Stored Cross-Site Scripting via Filebrowser External Input

CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...

CMSimple 跨站脚本漏洞

CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...

PT-2025-52832

Name of the Vulnerable Software and Affected Versions CMSimple version 5.2 Description CMSimple 5.2 has a stored cross-site scripting issue in the Filebrowser External input field. This allows attackers to inject malicious JavaScript code. When users click on the Page or Files tabs, the injected...

Improper Authorization

Overview Affected versions of this package are vulnerable to Improper Authorization via the shareDeleteHandler function, which handles deletion requests based solely on the share hash, and does not verify whether the link.UserID matches the currently authenticated user's ID d.user.ID. An attacker...

CVE-2025-64523

Summary: The FileBrowser project (github.com/filebrowser/filebrowser/v2/http) has an IDOR vulnerability in the share deletion endpoint. The shareDeleteHandler deletes a share based only on the provided hash, with no check that the share’s owner matches the authenticated user (d.user.ID). This per...

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...

CVE-2025-64523 FileBrowser has Insecure Direct Object Reference (IDOR) in Share Deletion Function

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Versions prior to 2.45.1 have an Insecure Direct Object Reference IDOR vulnerability in the FileBrowser application's share deletion functionality. Th...

FileBrowser 安全漏洞

FileBrowser is an open source web file browser from Seagate. Provides a file management interface in a specified directory for uploading, deleting, previewing, renaming and editing your files. It allows the creation of multiple users , each user can have its own directory . It can be used as a...

EUVD-2021-24275

Malware in sbrugna...

EUVD-2013-2019

Malware in sbrugna...

EUVD-2025-30900

Malicious code in bioql PyPI...

EUVD-2023-43321

Malicious code in bioql PyPI...

EUVD-2022-0876

Malicious code in bioql PyPI...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

Cross-site Scripting (XSS)

Overview DotNetNuke.Core is a references provider to the DotNetNuke.dll to develop extensions for the DNN Platform. Affected versions of this package are vulnerable to Cross-site Scripting XSS in the FileBrowser module. An attacker can execute arbitrary JavaScript in the context of a user's brows...

CVE-2025-59548

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...

CVE-2025-59548

DNN (DotNetNuke) is vulnerable to Reflected XSS in the CKEditor/FileBrowser prior to version 10.1.0. Specially crafted URLs to the FileBrowser could cause javascript injection when users click the link. The issue has been addressed in version 10.1.0 (patched). Affected software: DNN platform; vul...

CVE-2025-59548 DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN formerly DotNetNuke is an open-source web content management platform CMS in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in...