CVE-2026-34529
🟡 Monitor
The EPUB preview function in File Browser allows remote execution of an XSS script.
CVSS
7.6
EPSS
0.0%
Exploit
poc
Vendor
filebrowser
Source description (NVD)
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to version 2.62.2, the EPUB preview function in File Browser is vulnerable to Stored Cross-Site Scripting (XSS). JavaScript embedded in a crafted EPUB file executes in the victim's browser when they preview the file. This issue has been patched in version 2.62.2.
exploit xss
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.6 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (probability of exploitation) | 0.0% |
| Published (NVD) | 2026-04-01 21:17:00 UTC |
| Last modified (NVD) | 2026-04-06 20:39:47 UTC |
References
- https://github.com/filebrowser/filebrowser/releases/tag/v2.62.2 (security-advisories@github.com) [Product, Release Notes]
- https://github.com/filebrowser/filebrowser/security/advisories/GHSA-5vpr-4fgw-f69h (security-advisories@github.com) [Exploit, Vendor Advisory]