CVE-2025-54789

Medium CVSS: 5.1

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to Browser JS code execution in the context of the user’s session. This is fixed in version 0.16.10.

Vendor

Humhub

Product

Files

CWE

CWE-80

Yayın Tarihi

2025-08-02 00:15:26

Güncelleme

2025-09-12 16:43:15

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-80 Files MEDIUM Humhub 2025

Referanslar

https://github.com/humhub/cfiles/commit/f022bdd1cc54334a7a2a6f90a8168bb9583a2f00 https://github.com/humhub/cfiles/releases/tag/v0.16.10 https://github.com/humhub/cfiles/security/advisories/GHSA-cw2v-c62w-5r43

Benzer Kayıtlar

Medium

CVE-2026-29048

HumHub is an Open Source Enterprise Social Network. In version 1.18.0, a cross-site scripting vulnerability was identifi…

Medium

CVE-2026-29052

The Calendar module for HumHub enables users to create one-time or recurring events, manage attendee invitations, and ef…

High

CVE-2025-64442

HumHub is an Open Source Enterprise Social Network. Versions below 1.17.4 have a XSS vulnerability in the Meta-Search fe…

Critical

CVE-2025-54790

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, Files does not have…