Vulnerabilities > Afian > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-28875 | Cross-site Scripting vulnerability in Afian Filerun 2022.02.02 A Stored XSS issue in shared files download terms in Filerun Update 20220202 allows attackers to inject JavaScript code that is executed when a user follows the crafted share link. | 5.4 |
| 2023-12-06 | CVE-2023-28876 | Unspecified vulnerability in Afian Filerun A Broken Access Control issue in comments to uploaded files in Filerun through Update 20220202 allows attackers to delete comments on files uploaded by other users. | 4.3 |
| 2022-06-06 | CVE-2022-30469 | SQL Injection vulnerability in Afian Filerun 2022.02.02 In Afian Filerun 20220202, lack of sanitization of the POST parameter "metadata[]" in `/?module=fileman§ion=get&page=grid` leads to SQL injection. | 6.5 |
| 2021-10-05 | CVE-2021-35506 | Cross-site Scripting vulnerability in Afian Filerun 2021.03.26 Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | 4.3 |
| 2021-10-05 | CVE-2021-35503 | Cross-site Scripting vulnerability in Afian Filerun 2021.03.26 Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | 4.3 |
| 2021-10-05 | CVE-2021-35504 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the ffmpeg binary. | 6.5 |
| 2021-10-05 | CVE-2021-35505 | Injection vulnerability in Afian Filerun Afian FileRun 2021.03.26 allows Remote Code Execution (by administrators) via the Check Path value for the magick binary. | 6.5 |
| 2019-06-20 | CVE-2019-12905 | Cross-site Scripting vulnerability in Afian Filerun 2019.05.21 FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. | 4.3 |
| 2019-05-30 | CVE-2019-12459 | Path Traversal vulnerability in Afian Filerun 2019.05.21 FileRun 2019.05.21 allows customizables/plugins/audio_player Directory Listing. | 5.0 |
| 2019-05-30 | CVE-2019-12458 | Path Traversal vulnerability in Afian Filerun 2019.05.21 FileRun 2019.05.21 allows css/ext-ux Directory Listing. | 5.0 |