VYPR
Medium severity5.4NVD Advisory· Published Jan 28, 2026· Updated Apr 15, 2026

CVE-2020-36988

CVE-2020-36988

Description

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.