GO-2026-4660 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse) in github.com/gtsteffaniak/filebrowser

FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata text/template misuse in github.com/gtsteffaniak/filebrowser...

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

CVE-2026-30934 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead ...

CVE-2026-30934

CVE-2026-30934 affects FileBrowser Quantum (self-hosted web-based file manager). Prior to versions 1.3.1-beta and 1.2.2-stable, a Stored XSS exists via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/. The server uses Go text/template instead of html...

GHSA-R633-FCGP-M532 FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)

Summary Stored XSS is possible via share metadata fields e.g., title, description that are rendered into HTML for /public/share/ without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. Details T...

PT-2025-29134 · Unknown · Secure-Upload

Name of the Vulnerable Software and Affected Versions: Secure-upload versions prior to 0.815.0 Description: Secure-upload is a data submission service that validates single-use tokens when accepting submissions to channels. The service was installed on a limited number of environments. Privileged...

XWiki Platform 安全漏洞

Xwiki Platform is a suite of Wiki platforms for creating Web collaboration applications from the French company Xwiki. A security vulnerability exists in XWiki Platform that stems from the fact that in the affected version, any user with editing privileges can copy the content of a page to which...