Upstream information
Description
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CNA (GitHub) | National Vulnerability Database | |
---|---|---|
Base Score | 7.6 | 5.4 |
Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Attack Vector | Network | Network |
Attack Complexity | Low | Low |
Privileges Required | Low | Low |
User Interaction | Required | Required |
Scope | Changed | Changed |
Confidentiality Impact | High | Low |
Integrity Impact | Low | Low |
Availability Impact | None | None |
CVSSv3 Version | 3.1 | 3.1 |
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2025-15405 |
SUSE Timeline for this CVE
CVE page created: Thu Jun 26 18:04:02 2025CVE page last modified: Tue Aug 5 01:30:21 2025