Vulnerability Details CVE-2026-30578
File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-30578
-
cpe:2.3:a:leefish:file_thingie:2.5.7