Moderate severity · NVD Advisory · Published Sep 20, 2022 · Updated May 29, 2025
Cloudreve - Stored XSS
CVE-2022-32167
Description
Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS) via the file upload functionality. A low-privileged user will be able to share a file with an admin user, which could lead to privilege escalation.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/HFO4/cloudreve (Go) | >= 1.0.0, <= 2.0.0 | — |
| github.com/cloudreve/Cloudreve/v3 (Go) | >= 3.0.0, < 3.6.0-beta1 | 3.6.0-beta1 |
Affected products
1
Patches
0 (No patches discovered yet.)
References (5)
- github.com/advisories/GHSA-fg25-gq9g-32mx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-32167 (ghsa, ADVISORY)
- github.com/cloudreve/Cloudreve/commit/4b85541d73949969f41ad46d1e00544c9f1a7538 (ghsa, WEB)
- github.com/cloudreve/Cloudreve/releases/tag/3.6.0-beta1 (ghsa, WEB)
- www.mend.io/vulnerability-database/CVE-2022-32167 (ghsa, x_refsource_MISC, WEB)