Search

Find a vulnerability

Search criteria

    2 vulnerabilities by filebrowser_project

    CVE-2021-37794 (GCVE-0-2021-37794)

    Vulnerability from nvd – Published: 2021-08-31 17:28 – Updated: 2024-08-04 01:30
    VLAI
    Summary
    A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:30:08.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/filebrowser/filebrowser"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability exists in FileBrowser \u003c v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-31T17:28:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/filebrowser/filebrowser"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-37794",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting (XSS) vulnerability exists in FileBrowser \u003c v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/filebrowser/filebrowser",
                  "refsource": "MISC",
                  "url": "https://github.com/filebrowser/filebrowser"
                },
                {
                  "name": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
                },
                {
                  "name": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd",
                  "refsource": "MISC",
                  "url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-37794",
        "datePublished": "2021-08-31T17:28:09.000Z",
        "dateReserved": "2021-08-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:30:08.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-37794 (GCVE-0-2021-37794)

    Vulnerability from cvelistv5 – Published: 2021-08-31 17:28 – Updated: 2024-08-04 01:30
    VLAI
    Summary
    A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:30:08.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/filebrowser/filebrowser"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A stored cross-site scripting (XSS) vulnerability exists in FileBrowser \u003c v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-31T17:28:09.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/filebrowser/filebrowser"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-37794",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stored cross-site scripting (XSS) vulnerability exists in FileBrowser \u003c v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/filebrowser/filebrowser",
                  "refsource": "MISC",
                  "url": "https://github.com/filebrowser/filebrowser"
                },
                {
                  "name": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c",
                  "refsource": "MISC",
                  "url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
                },
                {
                  "name": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd",
                  "refsource": "MISC",
                  "url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-37794",
        "datePublished": "2021-08-31T17:28:09.000Z",
        "dateReserved": "2021-08-02T00:00:00.000Z",
        "dateUpdated": "2024-08-04T01:30:08.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }