3 matches found
Kae's File Manager <=1.4.7 - Cross-Site Scripting
Kae's File Manager through 1.4.7 contains a cross-site scripting vulnerability via a crafted GET request to /kfm/index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
CVE-2022-40359
Cross site scripting XSS vulnerability in kfm through 1.4.7 via crafted GET request to /kfm/index.php...
CVE-2022-40359
KVE-2022-40359 details a Cross-Site Scripting (XSS) vulnerability in Kae's File Manager (kfm) up to version 1.4.7. An attacker can exploit a crafted GET request to /kfm/index.php to inject script in the victim’s browser. Consequences include potential cookie-based credential theft and other brows...