CVE-2022-32167
Cloudreve vulnerable versions v1.0.0–v3.5.3 suffer Stored XSS via file upload. A low-privilege user can share a file with an admin, potentially enabling privilege escalation. No exploitation details or patch/version remediation are provided in the supplied documents.