CVE-2025-51662
Last modified
CVE-2025-51662 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". EPSS estimates a 0.14% chance of exploitation in the next 30 days.
Description
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version 2.2 and earlier. Insufficient input validation allows attackers to inject arbitrary JavaScript code into shared text "codeboxes". The xss payload is automatically executed in the browsers of any users who try to access the infected codebox by clicking link or entering share code.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Lanol | Filecodebox | <= 2.2 |
References
- https://github.com/vastsa/FileCodeBox/issues/351Exploit, Issue Tracking
- https://github.com/vastsa/FileCodeBox/issues/351Exploit, Issue Tracking
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-51662?
How severe is CVE-2025-51662?
How do I fix CVE-2025-51662?
Are you affected by CVE-2025-51662?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST