Cross-Site Scripting (XSS)

fileview is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a user’s browser via the filename parameter as there was no validation and sanitization on filenames.