
We found results for “”
CVE-2025-54789
Good to know:

Date: August 1, 2025
Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
Severity Score
Related Resources (5)
Severity Score
Weakness Type (CWE)
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-80Top Fix

CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | NONE |
User Interaction (UI): | REQUIRED |
Scope (S): | CHANGED |
Confidentiality (C): | LOW |
Integrity (I): | LOW |
Availability (A): | NONE |