I have discovered a Filename based *Cross Site Scripting Vulnerability** in all versions including the latest. The vulnerability allows to execute javascript and html scripts in the directory listing page.
Steps to reproduce the vulnerability:
Create a file on server with the crafted name (XSS)
Browser through the directory where that file is placed
Javascript will be executed as shown below
I hope you would patch this issue during the next update to the file manager.
Hi @prasathmani,
I have discovered a Filename based *Cross Site Scripting Vulnerability** in all versions including the latest. The vulnerability allows to execute javascript and html scripts in the directory listing page.
Steps to reproduce the vulnerability:
I hope you would patch this issue during the next update to the file manager.
Thanks, Dani