File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/filebrowser/filebrowser/v2(Go) | 0 | 2.33.7 | N/A |
| github.com/filebrowser/filebrowser(Go) | 0 | N/A | N/A |
CVSS Metrics
