Back to overview

CVE-2026-36163

Description
An HTML injection vulnerability in the file view endpoint of LiquidFiles v4.2.7 allows authenticated attackers to execute arbitrary JavaScript in the context of the victim's browser via the uploading of and user interaction with a crafted HTML file.

Metadata

CVE ID
CVE-2026-36163
State
PUBLISHED
Assigner
mitre
Reserved
2026-04-06 00:00 UTC
Published
2026-07-07 00:00 UTC
Last updated
2026-07-07 22:05 UTC
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
Back to overview