PT-2025-45330 · Git+1 · Laravel-File-Manager

Published: 2025-11-06 · Updated: 2025-11-06 · CVE-2025-63307

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

alexusmai laravel-file-manager version 3.3.1

Description

Cross-site scripting (XSS) occurs because the application allows users to upload, create, and rename files as HTML and SVG types. These files are served inline without sufficient output sanitization or content-type validation.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
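
Because no fixed release is known, one mitigation is to make responses that carry user-managed files non-renderable in the application's origin. The Laravel middleware below is an added example, not code from laravel-file-manager or its author; the class name, the extension list and the "path" query parameter are assumptions, and it requires PHP 8.

```php
<?php

namespace App\Http\Middleware;

use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * Hypothetical middleware (not part of laravel-file-manager): keeps
 * user-uploaded HTML/SVG from being rendered inline by the browser.
 */
class NeutralizeUploadedFiles
{
    // Extensions a browser may treat as active content (assumed list).
    private const ACTIVE_EXTENSIONS = ['html', 'htm', 'xhtml', 'svg', 'svgz', 'xml'];

    public function handle(Request $request, Closure $next): Response
    {
        $response = $next($request);

        // Stop MIME sniffing from upgrading a declared type to HTML.
        $response->headers->set('X-Content-Type-Options', 'nosniff');
        // If a body is rendered anyway, it runs sandboxed with nothing allowed.
        $response->headers->set('Content-Security-Policy', "default-src 'none'; sandbox");

        // Assumption: the file is named by a "path" query parameter;
        // fall back to the URL path when it is absent or not a string.
        $path = $request->query('path');
        $name = is_string($path) ? $path : $request->path();
        $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        $type = strtolower((string) $response->headers->get('Content-Type'));

        $active = in_array($ext, self::ACTIVE_EXTENSIONS, true)
            || str_contains($type, 'html')
            || str_contains($type, 'xml'); // image/svg+xml, application/xhtml+xml

        if ($active) {
            // Serve as an opaque download instead of an inline document.
            $response->headers->set('Content-Type', 'application/octet-stream');
            $response->headers->set('Content-Disposition', 'attachment');
        }

        return $response;
    }
}
```

Register it on whichever route group returns stored files, and serve the storage disk's public URL from a separate origin where possible, since files fetched directly from web-server storage never pass through this middleware.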

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2025-63307

Affected Products

Laravel-File-Manager