CVE-2025-26127

CVSS 5 MEDIUMEPSS 0.2%CWE-79

A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

Affected products

n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/pentesttoolscom/vulnerability-research/tree/master/CVE-2025-26127 https://www.filecloud.com/supportdocs/fcdoc/latest/server/release-notes/filecloud-version-23-241-release-notes/minor-filecloud-release-23-241-3