CVE-2022-50891

MEDIUM

Owlfiles File Manager 12.0.1 - Cross-Site Scripting via HTTP Server Path Parameter

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-50891. PoCs published by Chokri Hammedi.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in Owlfiles File Manager 12.0.1, including path traversal, LFI, and XSS via crafted HTTP/FTP requests. It provides functional proof-of-concept requests and responses showing successful exploitation.

Description

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.

Exploits (1)

exploitdb WORKING POC
by Chokri Hammedi · text · webapps · ios
https://www.exploit-db.com/exploits/51036

Classification: Working PoC 100%
Attack Type: Info Leak | XSS
Complexity: Trivial
Reliability: Reliable
Target: Owlfiles File Manager 12.0.1
No auth needed
Prerequisites: Access to the built-in HTTP/FTP server on the target device
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3: 5.0
EPSS: 0.0024
EPSS Percentile: 15.3%
Attack Vector: LOCAL
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (2): skyjos/owlfiles 12.0.1; Skyjos/Owlfiles File Manager 12.0.1
Published: Jan 13, 2026
Tracked Since: Feb 18, 2026