Tag

Filebrowser

3 briefs RSS

File Browser Share Links Accessible After Permission Revocation

File Browser share links remain accessible after Share/Download permissions are revoked, allowing continued access to shared files even after an administrator revokes the user's permissions.

filebrowser authorization-bypass github-advisory cve-2026-35604

3r 1t 1c 3w ago

medium advisory

File Browser EPUB Preview Stored XSS Vulnerability (CVE-2026-34529)

2 rules

File Browser versions prior to 2.62.2 are vulnerable to stored cross-site scripting (XSS) via the EPUB preview function, allowing attackers to execute arbitrary JavaScript in a user's browser by embedding malicious code in a crafted EPUB file.

xss filebrowser cve-2026-34529

2r Apr 1, 2026

high advisory

File Browser Stored XSS via Crafted EPUB File

2 rules 5 TTPs 1 CVE 2 IOCs

File Browser version 2.62.1 and earlier is vulnerable to stored cross-site scripting (XSS) via crafted EPUB files, allowing attackers to execute arbitrary JavaScript in a victim's browser by exploiting the application's misconfigured iframe sandbox and stealing sensitive information like JWT tokens.

filebrowser xss epub cve-2026-34529

2r 5t 1c 2i Mar 31, 2026