An authenticated stored cross-site scripting (XSS) vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter.
Metrics
Affected Vendors & Products
References
History
Wed, 08 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Liquidfiles
Liquidfiles liquidfiles |
|
| Vendors & Products |
Liquidfiles
Liquidfiles liquidfiles |
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | An authenticated stored cross-site scripting (XSS) vulnerability in the Upload File Shares API of LiquidFiles v4.2.7 allows attackers to execute arbitrary Javascript or HTML via injecting a crafted payload into the Name parameter. | |
| References |
|
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-07-07T22:02:48.103Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-36162
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-08T00:00:05Z