CVE-2026-30578

Published: Mar 20, 2026 Last Modified: Mar 20, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the 'dir' parameter of the GET request to invoke arbitrary javascript code.

https://github.com/leefish/filethingie
https://github.com/leefish/filethingie
https://github.com/SpeWnz/Vulnerability-Research/tree/main/…
https://github.com/SpeWnz/Vulnerability-Research/tree/main/CVE-2026-30578