CVE-2025-48495 Gokapi has stored XSS vulnerability in friendly name for API keys

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVE-2025-48495 Gokapi has stored XSS vulnerability in friendly name for API keys

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...

CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

CVE-2025-48494 Gokapi vulnerable to stored XSS via uploading file with malicious file name

Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens...

PT-2025-23497 · Gokapi · Gokapi

Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.0.0 Description: Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. A stored cross-site scripting issue can be exploited by uploading a file with JavaScript code embedded i...

Gokapi 安全漏洞

Gokapi is a lightweight self-hosted Firefox sending alternative by Marc Bulling, a personal developer. A security vulnerability exists in Gokapi versions prior to 2.0.0, which stems from the fact that embedded JavaScript code in uploaded filenames may lead to a stored cross-site scripting attack...

PT-2025-23498 · Gokapi · Gokapi

Name of the Vulnerable Software and Affected Versions: Gokapi versions prior to 2.0.0 Description: Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. The issue allows an authenticated user to inject JS into the API key overview by renaming the friendly...

Gokapi 安全漏洞

Gokapi is a lightweight, self-hosted Firefox sending alternative from Marc Bulling Personal Developer. A security vulnerability exists in Gokapi versions prior to 2.0.0, which stems from a cross-site scripting attack that may result from the injection of JavaScript code when renaming API key...