CVE Database · CVE-2022-50891
CVSS v3.1
5.0
CVSS v4.0
5.1
EPSS
0.24%
Published
Jan 13, 2026
Modified
Feb 2, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NWeaknesses (CWE)
Affected Products (6)
References (5)