CVE-2026-30579

Publication date

2026-03-20 00:00:00

Family

mitre

State

PUBLISHED

Description

File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "upload file" functionality to upload a file with a crafted file name used to trigger a Javascript payload.