Home > Vulnerability Database > CVE-2024-50807

Mend.io Vulnerability Database

CVE-2024-50807

Good to know:

Date: January 9, 2025

Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions.

Severity Score

6.1

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-50807

Url: https://gist.github.com/HackShiv/4254db89214913867aa8dd5c1ec09b7e

Url: https://www.mend.io/vulnerability-database/CVE-2024-50807

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

Top Fix

Upgrade Version

Upgrade to version rere/yii2-admin - 1.0.8;rere/yii2-admin - 1.0.3;crabstudio/app - dev-master-license-removal;crabstudio/app - dev-revert-244-jsonview-serialization;web-feet/coastercms - v5.2.7;vamcart/vamcart - 2.56.1;vamcart/vamcart - 2.4.5;vamcart/vamcart - 2.31;dimaninc/di_core - 0.1.23;dimaninc/di_core - dev-master;fznoviar/responsivefilemanager - 9.9.4;fznoviar/responsivefilemanager - v9.10.1;fznoviar/responsivefilemanager - no_fix;despark/html-template-curator - no_fix;despark/html-template-curator - v.1.0;melisplatform/melis-core - dev-fix/log-error-500;melisplatform/melis-core - v4.0.18;melisplatform/melis-core - v2.1;melisplatform/melis-core - v4.0.15;melisplatform/melis-core - v2.2.6;melisplatform/melis-core - v2.5.0;melisplatform/melis-core - v4.0.8;melisplatform/melis-core - dev-fix/gdpr-email-conf-smtp;melisplatform/melis-core - v3.0.13;melisplatform/melis-core - dev-fix/reset-password-link;melisplatform/melis-core - dev-update/change-composer-version;melisplatform/melis-core - v3.1.2;melisplatform/melis-core - v2.3.2;melisplatform/melis-core - dev-update/php-8-upgrade;melisplatform/melis-core - v4.1.1;melisplatform/melis-core - dev-php-7.0;melisplatform/melis-core - v3.0.0;melisplatform/melis-core - dev-feature/update-tinymce-5.10.0;melisplatform/melis-core - dev-feature/update-dashboard-plugin;melisplatform/melis-core - no_fix;melisplatform/melis-core - dev-fix/bo-lang-icon-column;melisplatform/melis-core - v3.2.0;coastercms/coastercms - v5.2.7;amirkoklan/responsivefilemanager - v9.10.1;amirkoklan/responsivefilemanager - no_fix;amirkoklan/responsivefilemanager - 9.9.4;lekoala/silverstripe-form-extras - 1.2.13;lekoala/silverstripe-form-extras - 1.0.0;xvs32x/tinymce-responsivefilemanager - 1.0.0;xvs32x/tinymce-responsivefilemanager - no_fix;thelia/tinymce-module - 1.0;thelia/tinymce-module - 2.4.0-apha1;thelia/tinymce-module - 2.5.0-alpha1;thelia/thelia - 2.5.0-alpha1;thelia/thelia - dev-modern-bo;rokorolov/parus-basic-app - no_fix;brucecms/pages - no_fix;ahyadessam/laravel-adminlte - 1.1.4;despark/igni-core - no_fix;ronappleton/radmin-tinymce - no_fix;fed/mce - no_fix;seguce92/filemanager - v1.3.6;despark/ignicms - no_fix;hlacos/lara-mvcms - no_fix;therealworld/rte-module - v1.5.5;imagecms/imagecms - no_fix;imagecms/imagecms - v1.0.5;laravelcity/laravel-filemanager - no_fix;deimon/sandbox-project - 1.0.2

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-50807

Good to know:

Date: January 9, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?