CVE-2025-51662

MEDIUM

FileCodeBox < 2.2 - Stored Cross-Site Scripting in Text Sharing Feature

Description

A stored cross-site scripting (XSS) vulnerability exists in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The XSS payload is automatically executed in the browser of any user who accesses the infected codebox by clicking its link or entering its share code.

Scores

CVSS v3: 5.4
EPSS: 0.0014
EPSS Percentile: 4.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CISA SSVC

Source: Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial

Details

CWE: CWE-79
Status: published
Products (1): lanol/filecodebox < 2.2
Published: Nov 19, 2025
Tracked Since: Feb 18, 2026