—
GO-2026-5511
FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header) in github.com/gtsteffaniak/filebrowser
Details
FileBrowser Vulnerable to Stored XSS via SVG File in Public Share (Missing CSP Header) in github.com/gtsteffaniak/filebrowser
Are you affected?
Enter the version of the package you're using.
Affected packages
Go / github.com/gtsteffaniak/filebrowser
Introduced in:
0 Fixed in: 0.0.0-20260501184955-6bfc3974192e Fix
go get github.com/gtsteffaniak/filebrowser@v0.0.0-20260501184955-6bfc3974192e