CVE-2026-36163
LiquidFiles v4.2.7 contains an HTML injection vulnerability in the file view endpoint. Authenticated attackers can trigger arbitrary JavaScript execution in the victim’s browser by uploading and interacting with a crafted HTML file. The issue is described as HTML injection; no additional exploita...