CVE-2026-30934

Published: Mar 10, 2026 Last Modified: Mar 11, 2026
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 8,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: high
Availability: low

Description

AI Translation Available

FileBrowser Quantum is a free, self-hosted, web-based file manager. Prior to 1.3.1-beta and 1.2.2-stable, Stored XSS is possible via share metadata fields (e.g., title, description) that are rendered into HTML for /public/share/<hash> without context-aware escaping. The server uses text/template instead of html/template, allowing injected scripts to execute when victims visit the share URL. This vulnerability is fixed in 1.3.1-beta and 1.2.2-stable.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0004
Percentile
0,1th
Updated

EPSS Score Trend (Last 7 Days)

79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Stable
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Access Control Confidentiality Integrity Availability
Potential Impacts:
Bypass Protection Mechanism Read Application Data Execute Unauthorized Code Or Commands
Applicable Platforms
Technologies: AI/ML, Web Based, Web Server
Likelihood of Exploit: High
View CWE Details
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1…
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.2.2-stable
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1…
https://github.com/gtsteffaniak/filebrowser/releases/tag/v1.3.1-beta
https://github.com/gtsteffaniak/filebrowser/security/adviso…
https://github.com/gtsteffaniak/filebrowser/security/advisories/GHSA-r633-fcgp-…