Vulnerability Details CVE-2026-30579
File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 9.7%
CVSS Severity
CVSS v3 Score 6.5
References
Products affected by CVE-2026-30579
-
cpe:2.3:a:leefish:file_thingie:2.5.7