DOM Cross-Site Scripting Vulnerability in DumbDrop File Upload Application
CVE-2025-47929

2.1LOW

Key Information:

Vendor: Dumbwareio
Status: Dumbdrop
Vendor: CVE Published:; 15 May 2025

What is CVE-2025-47929?

DumbDrop, a file upload application enabling users to drag and drop files, contains a DOM cross-site scripting (XSS) vulnerability in its upload functionality. This flaw could allow an attacker to deceive a user into uploading a file that contains a malicious payload. It's crucial that users and administrators update to the latest version, as the vulnerability is addressed in commit db27b25372eb9071e63583d8faed2111a2b79f1b.

Affected Version(s)

DumbDrop < db27b25372eb9071e63583d8faed2111a2b79f1b

References

https://github.com/DumbWareio/DumbDrop/security/advisorie...

x_refsource_CONFIRM

https://github.com/DumbWareio/DumbDrop/commit/db27b25372e...

x_refsource_MISC

CVSS V4

Score:

2.1

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 15, 2025
Vulnerability Reserved
May 14, 2025

CVE-2025-47929 Data

JSON

Dumbwareio

What is CVE-2025-47929?

Affected Version(s)

References

CVSS V4

Timeline