Oleg Lobanov

2 exploits, active since Aug 2021
CVE-2021-37794 MEDIUM WRITEUP
FileBrowser < 2.16.0 - Authenticated Stored Cross-Site Scripting via SVG File Upload
A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user who is authorized to upload files to upload a malicious .svg file that acts as a stored XSS payload. If an administrator triggers this stored XSS payload, it will run malicious OS commands on the server running the FileBrowser instance.
CVSS 5.4
CVE-2021-46398 HIGH WRITEUP
FileBrowser < 2.18.0 - Cross-Site Request Forgery via Malicious HTML Webpage
A Cross-Site Request Forgery vulnerability exists in FileBrowser < 2.18.0 that allows attackers to create a backdoor user with admin privileges and get access to the filesystem via a malicious HTML webpage that is sent to the victim. Because an admin can run commands through FileBrowser, this leads to RCE.
CVSS 8.8