CVE-2022-50951

Sažetak

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.

Reference

https://play.google.com/store/apps/details?id=com.dooblou.WiFiFileExplorerPRO&hl=en_US
https://www.vulncheck.com/advisories/wifi-file-transfer-persistent-xss-via-web-server-input-validation
https://www.vulnerability-lab.com/get_content.php?id=2322

CVSS

Base:	6.4
Impact:	2.7
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

03-02-2026 - 16:44

Objavljeno

01-02-2026 - 13:15