Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.
Metrics
Affected Vendors & Products
References
History
Tue, 05 Aug 2025 11:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Humhub
Humhub files |
|
Vendors & Products |
Humhub
Humhub files |
Mon, 04 Aug 2025 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 01 Aug 2025 23:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10. | |
Title | Files is Vulnerable to Reflected Self-XSS through its File Move Functionality | |
Weaknesses | CWE-80 | |
References |
| |
Metrics |
cvssV4_0
|

Status: PUBLISHED
Assigner: GitHub_M
Published: 2025-08-01T23:26:32.195Z
Updated: 2025-08-04T15:40:11.383Z
Reserved: 2025-07-29T16:50:28.393Z
Link: CVE-2025-54789

Updated: 2025-08-04T15:40:07.670Z

Status : Awaiting Analysis
Published: 2025-08-02T00:15:26.160
Modified: 2025-08-04T15:06:15.833
Link: CVE-2025-54789

No data.