CVE-2025-51662

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-51662
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51662.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-51662
Published
2025-11-19T20:15:53.017Z
Modified
2026-03-14T12:43:45.147298Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers of any users who try to access the infected codebox by clicking link or entering share code.

References

Affected packages

Git / github.com/vastsa/filecodebox

Affected ranges

Type
GIT
Repo
https://github.com/vastsa/filecodebox
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
17331112b43c1d97256e2d8e7e16d76e3b0a3b60
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "2.2"
        }
    ]
}

Affected versions

2.*
2.2
Other
Main
latest
V1.*
V1.1
V1.2
V1.4
V1.4.1
V1.4.3
V1.4.4
V1.4.5
V1.5.1
V1.5.2
V1.5.3
V1.5.4
V1.5.6
V1.5.7
V1.5.9
V1.5.9.1
V1.5.9.2
V1.6
V1.7Beta
V2.*
V2.0
V2.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-51662.json"