exploitDog

CVE-2025-54789

Опубликовано: 02 авг. 2025

Источник: nvd

CVSS3: 6.1

EPSS Низкий

Описание

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.

Ссылки

https://github.com/humhub/cfiles/commit/f022bdd1cc54334a7a2a6f90a8168bb9583a2f00
Patch
https://github.com/humhub/cfiles/releases/tag/v0.16.10
Release Notes
https://github.com/humhub/cfiles/security/advisories/GHSA-cw2v-c62w-5r43
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:humhub:files:*:*:*:*:*:*:*:*

Версия до 0.16.10 (исключая)

EPSS

Процентиль: 11%

0.00039

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-80

EPSS

Процентиль: 11%

0.00039

Низкий

6.1 Medium

CVSS3

Дефекты

CWE-80