Upstream information

CVE-2025-52902 at MITRE

Description

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v3 Scores
  CNA (GitHub) National Vulnerability Database
Base Score 7.6 5.4
Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack Vector Network Network
Attack Complexity Low Low
Privileges Required Low Low
User Interaction Required Required
Scope Changed Changed
Confidentiality Impact High Low
Integrity Impact Low Low
Availability Impact None None
CVSSv3 Version 3.1 3.1
No SUSE Bugzilla entries cross referenced.

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
openSUSE Tumbleweed
  • govulncheck-vulndb >= 0.0.20250730T213748-1.1
Patchnames:
openSUSE-Tumbleweed-2025-15405


SUSE Timeline for this CVE

CVE page created: Thu Jun 26 18:04:02 2025
CVE page last modified: Tue Aug 5 01:30:21 2025