CRITICAL🇬🇧 English

CVE-2023-39612

CVSS 9.0v3.1pub. 2023-09-16upd. 2025-03-27

A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
  • Filebrowser

    APP
    Filebrowser
    < 2.25.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSSLPE
CWE
Referencje

Powiązane podatności

CVE-2026-32760CRITICAL10.0PL ✓ten sam produkt

File Browser: niezabezpieczona rejestracja konta administratora bez uwierzytelnienia

CVE-2026-29188CRITICAL9.1PL ✓ten sam produkt

Broken Access Control w File Browser — usuwanie plików bez uprawnień

CVE-2026-35604HIGH8.2ten sam produkt

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files wit...

CVE-2026-35585HIGH7.5ten sam produkt

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files wit...

CVE-2026-35607HIGH8.1ten sam produkt

File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files wit...

CVE-2023-39612 — CRITICAL 9.0 | CVEbaza.pl