Vulnerabilities > Filebrowser
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-16 | CVE-2023-39612 | Cross-site Scripting vulnerability in Filebrowser A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. | 9.0 |
| 2022-02-04 | CVE-2021-46398 | Cross-Site Request Forgery (CSRF) vulnerability in Filebrowser A Cross-Site Request Forgery vulnerability exists in Filebrowser < 2.18.0 that allows attackers to create a backdoor user with admin privilege and get access to the filesystem via a malicious HTML webpage that is sent to the victim. | 6.8 |