Cross-Site Scripting Vulnerability in FileBrowser by FileBrowser
CVE-2023-39612

9CRITICAL

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 16 September 2023

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2023-39612?

A cross-site scripting (XSS) vulnerability exists in FileBrowser prior to version 2.23.0, enabling an authenticated attacker to escalate their privileges to that of an Administrator. This can occur through user interaction with a specially crafted HTML file or URL, which may lead to unauthorized access and possible control over the affected system. It highlights the importance of reviewing file handling and user input processes to mitigate such risks.

References

https://github.com/filebrowser/filebrowser/issues/2570

https://github.com/filebrowser/filebrowser/commit/b508ac3...

https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-fileb...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2023
Vulnerability Reserved
Aug 7, 2023

JSON