CVE-2025-27358

Name of the Vulnerable Software and Affected Versions: mndpsingh287 Frontend File Manager versions n/d through 23.2

Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows code injection. This is a basic XSS vulnerability.

Recommendations: For versions n/d through 23.2, consider disabling script execution in the frontend file manager as a temporary workaround until a patch is available. Restrict access to the file manager to minimize the risk of exploitation. Avoid using user-inputted data in the affected HTML tags until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.