CVE-2025-54789

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-54789
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54789.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-54789
Aliases
  • GHSA-cw2v-c62w-5r43
Published
2025-08-02T00:15:26Z
Modified
2025-08-02T12:12:26.124015Z
Summary
[none]
Details

Files is a module for managing files inside spaces and user profiles. In versions 0.16.9 and below, the File Move functionality does not contain logic that prevents injection of arbitrary JavaScript, which can lead to JavaScript code execution in the browser in the context of the user’s session. This is fixed in version 0.16.10.

References

Affected packages

Git / github.com/humhub/cfiles

Affected ranges

Type
GIT
Repo
https://github.com/humhub/cfiles
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.11.18
v0.11.19
v0.11.20
v0.12.1
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.14.2
v0.15.0
v0.15.1
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.16.5
v0.16.6
v0.16.7
v0.16.8
v0.16.9