CVE-2026-36162
N/A
N/A
Summary
An authenticated stored cross-site scripting (XSS) vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
References
- https://docs.liquidfiles.com/release_notes/version_4-2-x.html
- https://securing.pl/en/bypassing-csp-to-exploit-stored-xss-in-liquidfiles/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.