CVE-2025-63307

Published: Nov 6, 2025

Modified: Nov 6, 2025

PUBLISHED

Description

alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/alexusmai/laravel-file-manager

https://github.com/Theethat-Thamwasin/CVE-2025-63307

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-63307

Description

Affected Products

References