QwikSec

Security Database

CVE

CWE

Training

CVE-2021-37794

Published: Aug 31, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/filebrowser/filebrowser

x_refsource_MISC

https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c

x_refsource_MISC

https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.