PT-2025-26978 · Unknown · Filebrowser

Mtausig · Published 2025-06-26 · Updated 2026-03-10 · CVE-2025-52902

CVSS v3.1: 7.6 High
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Name of the Vulnerable Software and Affected Versions: File Browser versions prior to 2.33.7
Description: The Markdown preview function of File Browser is vulnerable to Stored Cross-Site Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser.
Recommendations: For versions prior to 2.33.7, update to version 2.33.7 to resolve the issue. As a temporary workaround, consider disabling the Markdown preview function until the update is applied. Restrict access to uploading Markdown files to minimize the risk of exploitation.

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers

CVE-2025-52902
GHSA-4WX8-5GM2-2J97
GO-2025-3784
OPENSUSE-SU-2025:15405-1

Affected Products

Filebrowser