Unrated severity · NVD Advisory · Published Aug 31, 2021 · Updated Aug 4, 2024
CVE-2021-37794
Description
A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user who is authorized to upload files to upload a malicious .svg file, which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger malicious OS commands on the server running the FileBrowser instance.
Affected products
- FileBrowser/FileBrowser
- Range: <2.16.0
References
- gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c (mitre, x_refsource_MISC)
- github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd (mitre, x_refsource_MISC)