CVE-2024-50807

Name of the Vulnerable Software and Affected Versions Trippo Responsive Filemanager version 9.14.0

Description The issue is related to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. This occurs when files with these extensions are uploaded, potentially allowing malicious scripts to be executed.

Recommendations For Trippo Responsive Filemanager version 9.14.0, consider disabling file uploads with svg and pdf extensions until a patch is available. Restrict access to the file upload feature to minimize the risk of exploitation. Avoid using the file upload feature for svg and pdf files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.