Hunterxxx

**Name of the Vulnerable Software and Affected Versions** FuguHub version 8.1 **Description** A reflected cross-site scripting (XSS) issue exists when serving SVG files through the `/fs/` file manager interface. The software does not sanitize or restrict script execution within SVG content. An attacker can craft an SVG file containing an inline `<script>` element, and when a victim opens this file, the attacker-controlled JavaScript will be executed by the browser. The vulnerable component is the SVG file handling process within the file manager interface. **Recommendations** Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, avoid opening untrusted SVG files through the `/fs/` file manager interface.