CVE-2026-61504
MEDIUM
5.4
CVSS 3.1
Description
Rejetto HFS 3.0.0 through 3.2.0 does not escape file names in its fallback "basic" web listing, and this listing can be forced by any browser via the ?get=basic parameter. A user with upload permission - or an anonymous user on servers with an open upload folder - can store a file whose name contains script that executes in the browser of anyone viewing the listing.
Metadata
Severity & Metrics
5.4
MEDIUM CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
SSVC — CISA Coordinator
Affected products (1)
| Vendor | Product | Platform | Versions |
|---|---|---|---|
| rejetto | hfs | — | 3.0.0 < 3.2.1 |
Weakness (CWE)
| CWE | Source | Description |
|---|---|---|
| CWE-79 | cna | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') |
CVSS scores (2)
| Score | Severity | Version | Source | Vector |
|---|---|---|---|---|
| 5.4 | MEDIUM | 3.1 | cna | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
| 5.1 | MEDIUM | 4.0 | cna | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N |
References (2)