2023-09-16 02:00:29 +00:00
{
"id" : "CVE-2023-39612" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2023-09-16T01:15:07.397" ,
2023-09-17 14:00:28 +00:00
"lastModified" : "2023-09-17T12:01:04.570" ,
"vulnStatus" : "Awaiting Analysis" ,
2023-09-16 02:00:29 +00:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL."
}
] ,
"metrics" : { } ,
"references" : [
{
"url" : "https://febin0x4e4a.wordpress.com/2023/09/15/xss-in-filebrowser-leads-to-admin-account-takeover-in-filebrowser/" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/filebrowser/filebrowser/commit/b508ac3d4f7f0f75d6b49c99bdc661a6d2173f30" ,
"source" : "cve@mitre.org"
} ,
{
"url" : "https://github.com/filebrowser/filebrowser/issues/2570" ,
"source" : "cve@mitre.org"
}
]
}
