Unknown · Mndpsingh287 Frontend File Manager · CVE-2025-27358
Name of the Vulnerable Software and Affected Versions:
mndpsingh287 Frontend File Manager versions n/d through 23.2
Description:
The issue is related to improper neutralization of script-related HTML tags in a web page, which allows code injection. This is a basic XSS vulnerability.
Recommendations:
For versions n/d through 23.2, consider disabling script execution in the frontend file manager as a temporary workaround until a patch is available.
Restrict access to the file manager to minimize the risk of exploitation.
Avoid using user-inputted data in the affected HTML tags until the issue is resolved.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.