Tharooon/CVE-2026-29971

Releases0

An attacker can execute arbitrary JavaScript in the victim's browser, potentially leading to session hijacking or privilege escalation.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-29971 ↗	Apr 27, 2026Monday, 27 April 2026, 21:16	6.1 MEDIUM	—
A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBackup functionality, authentication input handling, search functionality, and error message rendering components