CVE-2022-50891

MEDIUM

Owlfiles File Manager 12.0.1 - XSS

Title source: llm

Description

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.

Exploits (1)

exploitdb WORKING POC
by Chokri Hammedi · text · webapps · ios
https://www.exploit-db.com/exploits/51036

Scores

CVSS v3 5.0
EPSS 0.0006
EPSS Percentile 18.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (2)
skyjos/owlfiles 12.0.1
Skyjos/Owlfiles File Manager 12.0.1
Published Jan 13, 2026
Tracked Since Feb 18, 2026