Vulnerability Description
Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skyjos | Owlfiles | 12.0.1 |
| Apple | Ipados | - |
| Apple | Iphone Os | - |
| Apple | Macos | - |
| Apple | Tvos | - |
| Apple | Visionos | - |
Related Weaknesses (CWE)
References
- https://apps.apple.com/us/app/owlfiles-file-manager/id510282524Product
- https://www.exploit-db.com/exploits/51036Exploit
- https://www.skyjos.com/Product
- https://www.vulncheck.com/advisories/owlfiles-file-manager-cross-site-scripting-Third Party Advisory
- https://www.exploit-db.com/exploits/51036Exploit
FAQ
What is CVE-2022-50891?
CVE-2022-50891 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft UR...
How severe is CVE-2022-50891?
CVE-2022-50891 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-50891?
Check the references section above for vendor advisories and patch information. Affected products include: Skyjos Owlfiles, Apple Ipados, Apple Iphone Os, Apple Macos, Apple Tvos.