VDB
CISA-2025-52902
CISA-2025-52902
PUBLISHED
CVSS 7.6 HIGH
Reported by GitHub_M · Published June 26, 2025
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.
Risk Scores
CVSS 3.1
7.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| filebrowser | filebrowser | < 2.33.7 |
| filebrowser | filebrowser | *, < 2.33.7 |
Timeline
- Jun 26, 2025 CVE Published
- Jun 26, 2025 CVE Updated