Tag

Cve-2026-34529

2 briefs RSS

File Browser EPUB Preview Stored XSS Vulnerability (CVE-2026-34529)

File Browser versions prior to 2.62.2 are vulnerable to stored cross-site scripting (XSS) via the EPUB preview function, allowing attackers to execute arbitrary JavaScript in a user's browser by embedding malicious code in a crafted EPUB file.

xss filebrowser cve-2026-34529

2r Apr 1, 2026

high advisory

File Browser Stored XSS via Crafted EPUB File

2 rules 5 TTPs 1 CVE 2 IOCs

File Browser version 2.62.1 and earlier is vulnerable to stored cross-site scripting (XSS) via crafted EPUB files, allowing attackers to execute arbitrary JavaScript in a victim's browser by exploiting the application's misconfigured iframe sandbox and stealing sensitive information like JWT tokens.

filebrowser xss epub cve-2026-34529

2r 5t 1c 2i Mar 31, 2026