Medium severity6.1NVD Advisory· Published Apr 27, 2026· Updated Apr 28, 2026
CVE-2026-29971
CVE-2026-29971
Description
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBackup functionality, authentication input handling, search functionality, and error message rendering components
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- Range: <2.32.0
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.