VYPR
Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Apr 7, 2026

Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server

CVE-2022-50891

Description

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.