CVE-2026-30578

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions File Thinghie version 2.5.7

Description File Thinghie version 2.5.7 is susceptible to Cross Site Scripting (XSS). A malicious user can exploit this to execute arbitrary JavaScript code by manipulating the dir parameter within a GET request. The vulnerable API endpoint is accessed via a GET request. The dir parameter is the vulnerable variable.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the dir parameter to prevent the injection of malicious scripts.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2026-30578

Affected Products

File Thingie

CVE-2026-30578

Weakness Enumeration

Related Identifiers

Affected Products

References · 4