VYPR
← All advisories
Medium severity6.5OSV Advisory· Published Jun 19, 2025· Updated Apr 15, 2026

CVE-2025-50183

CVE-2025-50183

Description

OpenList Frontend is a UI component for OpenList. Prior to version 4.0.0-rc.4, a vulnerability exists in the file preview/browsing feature of the application, where files with a .py extension that contain JavaScript code wrapped in <script> tags may be interpreted and executed as HTML in certain modes. This leads to a stored XSS vulnerability. This issue has been patched in version 4.0.0-rc.4.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
@openlist-frontend/openlist-frontendnpm
< 4.0.0-rc.44.0.0-rc.4

Affected products

1

Patches

2
e9460e33c689
https://github.com/openlistteam/openlist-frontendvia osv
7b5ed20c608c
https://github.com/openlistteam/openlist-frontendvia osv
commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.