CVE-2018-16363

MEDIUM NUCLEI

Filemanagerpro File Manager - XSS

Title source: rule

Description

The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php.

Nuclei Templates (1)

WordPress File Manager < 3.0 - Cross-Site Scripting
MEDIUMVERIFIEDby Shivam Kamboj

References (4)

Scores

CVSS v3 5.4
EPSS 0.0040
EPSS Percentile 61.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
filemanagerpro/file_manager 2.9
Published Sep 07, 2018
Tracked Since Feb 18, 2026