269 matches found
Incorrect Authorization
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Incorrect Authorization via improper normalization of URL paths in the rules. An attacker can gain unauthorized access to restricted files and perform unauthorized...
Improper Handling of Case Sensitivity
Overview github.com/filebrowser/filebrowser/v2/http is a web file browser. Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accoun...
Improper Handling of Case Sensitivity
Overview Affected versions of this package are vulnerable to Improper Handling of Case Sensitivity due to improper handling of case sensitivity in the userPutHandler function. An attacker can gain unauthorized access to user accounts and modify passwords without verification by submitting API...
GO-2026-4344 File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser
File Browser Vulnerable to Username Enumeration via Timing Attack in /api/login in github.com/filebrowser/filebrowser...
CVE-2026-23849 vulnerabilities
Vulnerabilities for packages: filebrowser...
GHSA-43MM-M3H2-3PRC vulnerabilities
Vulnerabilities for packages: filebrowser...
CVE-2026-23849 vulnerabilities
Vulnerabilities for packages: filebrowser...
GHSA-43MM-M3H2-3PRC vulnerabilities
Vulnerabilities for packages: filebrowser...
Timing Attack
Overview Affected versions of this package are vulnerable to Timing Attack via the JSONAuth.Auth function. An unauthenticated attacker can determine valid usernames by measuring the response time of the /api/login endpoint, exploiting the timing discrepancy between valid and invalid username...
FileBrowser security vulnerability
FileBrowser is a web-based file browser developed by Seagate as open source. It provides a file management interface for specified directories, allowing users to upload, delete, preview, rename, and edit their files. It supports multiple users, with each user having their own directories...
CVE-2018-12298
Directory Traversal in filebrowser in Seagate NAS OS 4.3.15.1 allows attackers to read files within the application's container via a URL path...
CVE-2025-53893 vulnerabilities
Vulnerabilities for packages: filebrowser...
GHSA-7XQM-7738-642X vulnerabilities
Vulnerabilities for packages: filebrowser...
GHSA-7XQM-7738-642X vulnerabilities
Vulnerabilities for packages: filebrowser...
CVE-2025-53893 vulnerabilities
Vulnerabilities for packages: filebrowser...
CMSimple cross-site scripting vulnerability (CNVD-2026-0082457)
CMSimple is a free content management system. CMSimple suffers from a cross-site scripting vulnerability that stems from the Filebrowser external input field not properly filtering or encoding user-supplied content for output. An attacker can exploit the vulnerability by constructing malicious...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 contains a stored cross-site scripting vulnerability in the Filebrowser External input field that allows attackers to inject malicious JavaScript. Attackers can place unfiltered JavaScript code that executes when users click on Page or Files tabs, enabling persistent script injection...
CVE-2021-47732
CMSimple 5.2 is affected by a stored cross-site scripting (XSS) vulnerability in the Filebrowser external input field. The issue allows an attacker to inject unfiltered JavaScript that executes when a user clicks the Page or Files tabs, enabling persistent script injection. Affected product/versi...