Lucene search
+L

4 matches found

NVD
NVD
added 2025/08/02 12:15 a.m.8 views

CVE-2025-54789

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...

6.1CVSS0.00261EPSS
Exploits0References3
CVE
CVE
added 2025/08/01 11:26 p.m.22 views

CVE-2025-54789

The CVE-2025-54789 entry relates to the Files module, specifically the File Move functionality. Versions ≤ 0.16.9 allow injection of arbitrary JavaScript, enabling Browser JavaScript execution in the user’s session. This is the underlying issue described across multiple sources (NVD, Red Hat advi...

6.1CVSS7.9AI score0.00261EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/08/01 11:26 p.m.9 views

CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...

5.1CVSS0.00261EPSS
Exploits0References3
OSV
OSV
added 2025/08/01 11:26 p.m.6 views

CVE-2025-54789 Files is Vulnerable to Reflected Self-XSS through its File Move Functionality

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed i...

5.1CVSS7.8AI score0.00261EPSS
Exploits0References5
Rows per page
Query Builder