Cross-Site Scripting Vulnerability in FileBrowser by FileBrowser
CVE-2023-39612

9CRITICAL

Key Information:

Vendor: Filebrowser
Status: Filebrowser
Vendor: CVE Published:; 16 September 2023

🔔 Create Filebrowser Vulnerability Alert

What is CVE-2023-39612?

A cross-site scripting (XSS) vulnerability exists in FileBrowser prior to version 2.23.0, enabling an authenticated attacker to escalate their privileges to that of an Administrator. This can occur through user interaction with a specially crafted HTML file or URL, which may lead to unauthorized access and possible control over the affected system. It highlights the importance of reviewing file handling and user input processes to mitigate such risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/filebrowser/filebrowser/issues/2570

https://github.com/filebrowser/filebrowser/commit/b508ac3...

https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-fileb...

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 16, 2023
Vulnerability Reserved
Aug 7, 2023

JSON

Filebrowser

What is CVE-2023-39612?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.