CVE-2020-36988

Name of the Vulnerable Software and Affected Versions PDW File Browser versions 1.3 and earlier

Description PDW File Browser versions 1.3 and earlier are susceptible to stored and reflected cross-site scripting issues. Authenticated attackers can inject malicious scripts through file rename and path parameters. Attackers can create malicious URLs or rename files containing XSS payloads to execute arbitrary JavaScript in the browsers of users accessing the file browser. The vulnerable parameters include file rename and path parameters.

Recommendations Versions prior to 1.3 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.