Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
1 vulnerability by filebrowser_project
CVE-2021-37794 (GCVE-0-2021-37794)
Vulnerability from cvelistv5 – Published: 2021-08-31 17:28 – Updated: 2024-08-04 01:30
VLAI
Summary
A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/filebrowser/filebrowser | x_refsource_MISC |
| https://gist.github.com/omriinbar/1e28649f31d795b… | x_refsource_MISC |
| https://github.com/filebrowser/filebrowser/commit… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:30:08.273Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/filebrowser/filebrowser"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability exists in FileBrowser \u003c v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-31T17:28:09.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/filebrowser/filebrowser"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-37794",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A stored cross-site scripting (XSS) vulnerability exists in FileBrowser \u003c v2.16.0 that allows an authenticated user authorized to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator it will trigger malicious OS commands on the server running the FileBrowser instance."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/filebrowser/filebrowser",
"refsource": "MISC",
"url": "https://github.com/filebrowser/filebrowser"
},
{
"name": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c",
"refsource": "MISC",
"url": "https://gist.github.com/omriinbar/1e28649f31d795b0e9b7698a9d255b5c"
},
{
"name": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd",
"refsource": "MISC",
"url": "https://github.com/filebrowser/filebrowser/commit/201329abce4e92ae9071b9ded81e267aae159fbd"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-37794",
"datePublished": "2021-08-31T17:28:09.000Z",
"dateReserved": "2021-08-02T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:30:08.273Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}