Vulnerability Details CVE-2025-63307
alexusmai laravel-file-manager 3.3.1 is vulnerable to Cross Site Scripting (XSS). The application permits user-controlled upload, create, and rename of files to HTML and SVG types and serves those files inline without adequate content-type validation or output sanitization.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.5%
CVSS Severity
CVSS v3 Score 8.1
References
Products affected by CVE-2025-63307
-
cpe:2.3:a:alexusmai:laravel_file_manager:3.3.1