Unrated severityNVD Advisory· Published Jan 13, 2026· Updated Apr 7, 2026
Owlfiles File Manager 12.0.1 Cross-Site Scripting via HTTP Server
CVE-2022-50891
Description
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: =12.0.1
- Range: 12.0.1
Patches
Vulnerability mechanics
References
4- www.exploit-db.com/exploits/51036mitreexploit
- www.vulncheck.com/advisories/owlfiles-file-manager-cross-site-scripting-via-http-servermitrethird-party-advisory
- apps.apple.com/us/app/owlfiles-file-manager/id510282524mitreproduct
- www.skyjos.commitreproduct
News mentions
0No linked articles in our index yet.