Filebrowser: >> Filebrowser >> 1.2.7 Security Vulnerabilities
A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.
CVSS Score
9.0
EPSS Score
0.001
Published
2023-09-16
A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. An admin can run commands using the FileBrowser and hence it leads to RCE.
CVSS Score
8.8
EPSS Score
0.092
Published
2022-02-04