Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
FileBrowser Quantum: Stored XSS in public share page via unsanitized share metadata (text/template misuse)
Vulnerability Description
FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/<hash> without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
FileBrowser Quantum 跨站脚本漏洞
Vulnerability Description
FileBrowser Quantum是Graham Steffaniak个人开发者的一个文件管理器。 FileBrowser Quantum 1.3.1-beta之前版本和1.2.2-stable之前版本存在跨站脚本漏洞,该漏洞源于共享元数据字段渲染时未使用上下文感知转义,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A