CVE-2025-51661
- EPSS 0.09%
- Veröffentlicht 19.11.2025 00:00:00
- Zuletzt bearbeitet 24.11.2025 19:35:13
A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when application is configured to use local filesystem storage. SystemFileStorage.save_file method in core/storage.py uses filenames from user input wit...
CVE-2025-51662
- EPSS 0.04%
- Veröffentlicht 19.11.2025 00:00:00
- Zuletzt bearbeitet 24.11.2025 19:40:24
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss pa...
CVE-2025-51663
- EPSS 0.12%
- Veröffentlicht 19.11.2025 00:00:00
- Zuletzt bearbeitet 24.11.2025 19:29:36
A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attack...
CVE-2024-34525
- EPSS 0.03%
- Veröffentlicht 06.05.2024 00:15:10
- Zuletzt bearbeitet 25.11.2025 19:48:13
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file.