FileCodeBox
Products
1- 4 CVEs
Recent CVEs
4| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34525 | Med | 0.34 | 5.3 | 0.00 | May 6, 2024 | FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file. | ||
| CVE-2025-51663 | 0.00 | — | 0.00 | Nov 19, 2025 | A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or… | |||
| CVE-2025-51662 | 0.00 | — | 0.00 | Nov 19, 2025 | A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically… | |||
| CVE-2025-51661 | 0.00 | — | 0.00 | Nov 19, 2025 | A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.save_file method in core/storage.py uses filenames from user input without validation to construct… |
- risk 0.34cvss 5.3epss 0.00
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file.
- CVE-2025-51663Nov 19, 2025risk 0.00cvss —epss 0.00
A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or…
- CVE-2025-51662Nov 19, 2025risk 0.00cvss —epss 0.00
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically…
- CVE-2025-51661Nov 19, 2025risk 0.00cvss —epss 0.00
A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.save_file method in core/storage.py uses filenames from user input without validation to construct…