SecBoard
Zurück zur CVE-Übersicht

CVE-2026-61504

MEDIUM(5.4)

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Risk Signal Score24/100 — NIEDRIG
  • CVSS 5.4 — Mittel
  • Weniger als 24 Stunden alt

Beschreibung

Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name contains script that executes in the browser of anyone viewing the listing.

Referenzen