Vulnerabilities > Afian > Filerun > 2021.03.26
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-28876 | Unspecified vulnerability in Afian Filerun A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | 4.3 |
| 2021-10-05 | CVE-2021-35506 | Cross-site Scripting vulnerability in Afian Filerun 2021.03.26 Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | 6.1 |
| 2021-10-05 | CVE-2021-35503 | Cross-site Scripting vulnerability in Afian Filerun 2021.03.26 Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | 6.1 |
| 2021-10-05 | CVE-2021-35504 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 7.2 |
| 2021-10-05 | CVE-2021-35505 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 7.2 |