CVE-2026-30578

Publication date

2026-03-20 00:00:00

Family

mitre

State

PUBLISHED

Description

File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.