3 matches found
CVE-2025-51661
FileCodeBox has a path traversal vulnerability affecting v2.2 and earlier where SystemFileStorage.save_file uses unvalidated user-supplied filenames to build save_path. An unauthenticated /share/file/upload endpoint can be abused to write arbitrary files outside the intended directory by crafted ...
CVE-2025-51662
FileCodeBox contains a stored XSS in the text sharing feature for versions ≤ 2.2 due to insufficient input validation. Attackers can inject JavaScript into shared codeboxes, and the payload executes in users’ browsers when they access the infected codebox via a link or shared code. Connected advi...
CVE-2025-51663
FileCodeBox (up to 2.2) includes an IP rate-limiting flaw in the IPRateLimit implementation that lets remote attackers bypass IP-based rate limits and failed-attempt restrictions by forging X-Real-IP and X-Forwarded-For headers. This can enable DoS or brute-force attempts against sharing codes. Affected c...