216.73.217.98

CVE-2025-52902

· Published 26/06/2025 15:15 · Modified 26/06/2025 18:57

Labels: CVE-2025-52902 2025-06-26CVE-2025-52902CWE-79[email protected]

Essential information

Published
26/06/2025 15:15
Modified
26/06/2025 18:57
Author
Creator
CVSS
7.6 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

CVSS metrics

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
file browser / file browser cpe:2.3:a:file_browser:file_browser:<2.33.7:*:*:*:*:*:*:*

References