PT-2026-2367 · Unknown · Owlfiles File Manager

Chokri Hammedi · Published 2026-01-13 · Updated 2026-02-02 · CVE-2022-50891

CVSS v3.1: 5.0 (Medium)

Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Owlfiles File Manager version 12.0.1

Description

Owlfiles File Manager contains a cross-site scripting issue in its HTTP server endpoints. The vulnerable parameter is path, and the affected API endpoints are the download and list endpoints. Attackers can construct URLs with script tags embedded in this parameter to execute arbitrary JavaScript in the browsers of users.

Recommendations

Apply any available updates to address this issue. As a temporary workaround, consider sanitizing the path parameter to prevent the injection of malicious scripts.
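
One way to apply the workaround above, as an added example that is not Owlfiles code: the handler names, response shape and headers are assumptions, since the page gives no implementation details. It validates the path value, HTML-encodes it where a list page reflects it, and returns download errors as text/plain so the echoed value is never parsed as markup.

```python
import html
import posixpath

# Assumed hardening headers, sent with every response.
SAFE_HEADERS = {
    "X-Content-Type-Options": "nosniff",
    "Content-Security-Policy": "default-src 'none'",
}

# Constructed sample value for the `path` query parameter.
SAMPLE_PATH = "<script>alert(1)</script>"


def clean_path(raw):
    """Return a normalized absolute path, or None if the value is rejected."""
    if not raw or len(raw) > 1024:
        return None
    # Control characters (CR, LF, NUL, ...) never belong in a path.
    if any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in raw):
        return None
    return posixpath.normpath("/" + raw.lstrip("/"))


def error_response(status, message):
    # text/plain plus nosniff: the browser never parses the echo as HTML.
    headers = {**SAFE_HEADERS, "Content-Type": "text/plain; charset=utf-8"}
    return status, headers, message


def list_response(raw_path, entries):
    """Hypothetical list handler: every dynamic value is HTML-encoded."""
    path = clean_path(raw_path)
    if path is None:
        return error_response(400, "invalid path")
    items = "".join("<li>%s</li>" % html.escape(n, quote=True) for n in entries)
    body = "<h1>Index of %s</h1><ul>%s</ul>" % (html.escape(path, quote=True), items)
    headers = {**SAFE_HEADERS, "Content-Type": "text/html; charset=utf-8"}
    return 200, headers, body


def download_error(raw_path):
    """Hypothetical download failure: the path is echoed as plain text only."""
    return error_response(404, "not found: " + (clean_path(raw_path) or "(invalid)"))


if __name__ == "__main__":
    print(list_response(SAMPLE_PATH, ["notes.txt", "a&b.txt"])[2])
```

Encoding at the point of output is what neutralizes the reflected value; the input checks only narrow what reaches that point.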

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2022-50891

Affected Products

Owlfiles File Manager