Vulnerabilities > Std42 > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-19 | CVE-2023-35840 | Path Traversal vulnerability in Std42 Elfinder _joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector. | 6.5 |
| 2022-02-08 | CVE-2021-45919 | Cross-site Scripting vulnerability in Std42 Elfinder Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | 5.4 |
| 2019-01-10 | CVE-2019-5884 | Information Exposure vulnerability in Std42 Elfinder php/elFinder.class.php in elFinder before 2.1.45 leaks information if PHP's curl extension is enabled and safe_mode or open_basedir is not set. | 5.9 |