Unknown · Vue-Reader · CVE-2026-34529
Name of the Vulnerable Software and Affected Versions
File Browser versions prior to 2.62.2
Description
File Browser's EPUB preview function is susceptible to Stored Cross-Site Scripting (XSS). A crafted EPUB file containing JavaScript can execute in a victim's browser when the file is previewed. The issue stems from the `frontend/src/views/files/Preview.vue` component passing `allowScriptedContent: true` to the `vue-reader` component, which, combined with `allow-scripts` and `allow-same-origin` in the iframe sandbox, renders the sandbox ineffective and allows the script to access the parent frame's DOM and storage. The developers of epub.js explicitly warn against enabling scripted content. A proof-of-concept (PoC) demonstrates the ability to steal JWT tokens and exfiltrate a victim's public IP address. The vulnerability could allow an attacker with upload access to hijack sessions and escalate privileges.
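The following is an added illustration, not code from File Browser, vue-reader or epub.js. It models the iframe sandbox rule the advisory relies on (an embedded document can reach the embedding page's DOM and storage only when the sandbox grants both `allow-scripts` and `allow-same-origin`, or has no sandbox at all) and applies it to a preview configuration shaped like the one described above. The weak configuration mirrors the advisory; the hardened configuration and the `iframeSandbox` field are assumptions for the example, not the project's actual fix.

```javascript
// Added example: reviews an EPUB-preview configuration for the sandbox
// weakness described in the advisory. Not File Browser or vue-reader code.

// Parse an iframe sandbox attribute into a set of lowercase tokens.
// null/undefined means the attribute is absent, i.e. no sandbox at all.
function parseSandbox(sandboxAttr) {
  if (sandboxAttr === null || sandboxAttr === undefined) return null;
  return new Set(
    sandboxAttr.trim().split(/\s+/).filter(Boolean).map((t) => t.toLowerCase())
  );
}

// Decide what an embedded document could do under this sandbox.
// parentReachable is true only when scripts run AND the frame keeps the
// embedder's origin: that is the combination that lets embedded script use
// window.parent.document and the embedder's localStorage/cookies.
function assessSandbox(sandboxAttr) {
  const tokens = parseSandbox(sandboxAttr);
  const scriptsRun = tokens === null || tokens.has('allow-scripts');
  const sameOrigin = tokens === null || tokens.has('allow-same-origin');
  return { scriptsRun, sameOrigin, parentReachable: scriptsRun && sameOrigin };
}

// Review a preview configuration object. `allowScriptedContent` is the
// option named in the advisory; `iframeSandbox` is an assumed field holding
// the sandbox tokens the reader applies to its iframe.
function reviewEpubPreviewConfig(config) {
  const findings = [];
  if (config.allowScriptedContent) {
    findings.push('allowScriptedContent is enabled; the epub.js maintainers warn against this');
  }
  const sandbox = assessSandbox(config.iframeSandbox);
  if (sandbox.parentReachable) {
    findings.push(
      'iframe sandbox grants allow-scripts and allow-same-origin together; ' +
        'embedded script can reach the parent DOM and storage'
    );
  }
  return { safe: findings.length === 0, findings };
}

// Constructed configurations for the example.
// weakConfig reflects the combination the advisory describes.
const weakConfig = {
  allowScriptedContent: true,
  iframeSandbox: 'allow-scripts allow-same-origin',
};
// hardenedConfig is an assumed safe setting: scripts disabled, so EPUB
// content renders as static markup only.
const hardenedConfig = {
  allowScriptedContent: false,
  iframeSandbox: 'allow-same-origin',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log('weak:', reviewEpubPreviewConfig(weakConfig));
  console.log('hardened:', reviewEpubPreviewConfig(hardenedConfig));
}
```

Note that `allow-scripts` on its own is not the problem: a frame that runs scripts under an opaque origin cannot read the parent's DOM or storage. The sandbox only stops being a boundary when `allow-same-origin` is granted to the same frame, which is why disabling scripted content for untrusted EPUBs is the safe setting.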
Recommendations
Update File Browser to version 2.62.2 or later.