Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
History

Tue, 05 Aug 2025 11:45:00 +0000

Type Values Removed Values Added
First Time appeared Humhub
Humhub files
Vendors & Products Humhub
Humhub files

Mon, 04 Aug 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 01 Aug 2025 23:30:00 +0000

Type Values Removed Values Added
Description Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
Title Files is Vulnerable to Reflected Self-XSS through its File Move Functionality
Weaknesses CWE-80
References
Metrics cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2025-08-01T23:26:32.195Z

Updated: 2025-08-04T15:40:11.383Z

Reserved: 2025-07-29T16:50:28.393Z

Link: CVE-2025-54789

cve-icon Vulnrichment

Updated: 2025-08-04T15:40:07.670Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2025-08-02T00:15:26.160

Modified: 2025-08-04T15:06:15.833

Link: CVE-2025-54789

cve-icon Redhat

No data.