Leefish

**Name of the Vulnerable Software and Affected Versions** File Thingie version 2.5.7 **Description** File Thingie version 2.5.7 is susceptible to Cross Site Scripting (XSS). A malicious user can exploit the "upload file" functionality by uploading a file with a specially crafted file name to trigger a Javascript payload. The vulnerable functionality involves the processing of uploaded files and their associated names. The `filename` is not properly sanitized before being used in a web page, allowing for the injection of malicious scripts. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict the types of files that can be uploaded. Sanitize the `filename` before using it in a web page.

**Name of the Vulnerable Software and Affected Versions** File Thingie version 2.5.7 **Description** File Thingie version 2.5.7 is susceptible to a Directory Traversal issue. A malicious user can exploit the application's "create folder from url" functionality to read arbitrary files on the target system. The vulnerability involves manipulating the input to access files outside the intended directory. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.