21 matches found
📄 WebFileSys 2.31.1 Cross Site Scripting
WebFileSys version 2.31.1 suffers from multiple cross site scripting vulnerabilities. CVE-2026-29971 An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation. CVE-2026-29971 Vulnerability Reflected Cross-Site Scripting...
CVE-2026-29971
A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...
CVE-2026-29971
A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...
CVE-2026-29971
A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...
WebFileSys 安全漏洞
WebFileSys is a web-based multi-user file manager developed by WebFileSys Inc. in Java. Version 2.31.1 of WebFileSys contains a security vulnerability, which stems from improperly encoded user-controlled inputs. This vulnerability could lead to reflection-type cross-site scripting attacks...
PT-2026-35522
A reflected cross-site scripting XSS vulnerability exists in WebFileSys version 2.31.1. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser...
CVE-2026-29971
WebFileSys CVE-2026-29971: A reflected XSS in version 2.31.1 (pre-2.32.0) where user-controlled input is reflected into HTML/JavaScript without proper encoding, enabling arbitrary JavaScript execution in the victim’s browser via components such as ftpBackup, authentication input handling, search,...
CVE-2026-29971
A reflected cross-site scripting XSS vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBack...
Exploit for CVE-2026-29971
CVE-2026-29971 An attacker can execute arbitrary JavaScript in...
Exploit for CVE-2026-29971
CVE-2026-29971 An attacker can execute arbitrary JavaScript in...
EUVD-2024-52001
Malicious code in bioql PyPI...
WebFileSys 2.31.0 - Directory Path Traversal
Exploit Title: WebFileSys 2.31.0 - Directory Path Traversal in relPath Parameter Date: Nov 25, 2024 Exploit Author: Korn Chaisuwan, Charanin Thongudom, Pongtorn Angsuchotmetee Vendor Homepage: http://www.webfilesys.de/webfilesys-home/index.html Software Link:...
WebFileSys 2.31.0 Directory Traversal Vulnerability
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
CVE-2024-53586
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
CVE-2024-53586
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
CVE-2024-53586
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
WebFileSys 安全漏洞
WebFileSys is a Web-based multi-user file manager written in Java from WebFileSys, Inc. A security vulnerability exists in WebFileSys version 2.31.0, which stems from a problem with the relPath parameter that allows an attacker to perform directory traversal via a crafted HTTP request...
CVE-2024-53586
An issue in the relPath parameter of WebFileSys version 2.31.0 allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the parameter, attackers can manipulate file paths and gain unauthorized access to sensitive files, potentially exposing...
CVE-2024-53586
CVE-2024-53586 : WebFileSys 2.31.0 is affected by a directory-traversal in the relPath parameter. A crafted HTTP request (e.g., using ../../.. payloads) can manipulate file paths and gain unauthorized access to sensitive files outside the intended directory. Exploit details are demonstrated in Ex...
PT-2025-5881 · Unknown · Webfilesys
Name of the Vulnerable Software and Affected Versions: WebFileSys version 2.31.0 Description: An issue in the relPath parameter allows attackers to perform directory traversal via a crafted HTTP request. By injecting traversal payloads into the relPath parameter, attackers can manipulate file pat...