ID |
CVE-2025-52902
|
Sažetak |
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue. |
Reference |
|
CVSS |
Base: | 7.6 |
Impact: | 4.7 |
Exploitability: | 2.3 |
|
Pristup |
Vektor | Složenost | Autentikacija |
NETWORK |
LOW |
LOW |
|
Impact |
Povjerljivost | Cjelovitost | Dostupnost |
HIGH |
LOW |
NONE |
|
CVSS vektor |
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N |
Zadnje važnije ažuriranje |
26-06-2025 - 18:57 |
Objavljeno |
26-06-2025 - 15:15 |