Medium severity5.4NVD Advisory· Published Jan 28, 2026· Updated Apr 15, 2026
CVE-2020-36988
CVE-2020-36988
Description
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.