PT-2026-57845 · Rejetto · Rejetto Hfs

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-61504

CVSS v3.1

5.4

Medium

VectorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Rejetto HFS versions 3.0.0 through 3.2.0
Description Stored Cross-Site Scripting occurs because the software fails to escape file names in its fallback basic web listing. This listing can be triggered by any browser using the ?get=basic parameter. An attacker with upload permissions, or an anonymous user on servers with an open upload folder, can upload a file with a name containing a malicious script that executes in the browser of any user viewing the listing.
Recommendations Update Rejetto HFS to a version later than 3.2.0. Restrict upload permissions or close open upload folders to prevent unauthorized file storage.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-61504

Affected Products

Rejetto Hfs