anonhaven
Ad

CVE-2026-30578

MEDIUM CVSS 3.1: 6.5 EPSS 0.04%
Updated Apr 01, 2026
Leefish
Parameter Value
CVSS 6.5 (MEDIUM)
Type CWE-79 (Cross-Site Scripting (XSS))
Vendor Leefish
Public PoC No

File Thinghie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the "dir" parameter of the GET request to invoke arbitrary javascript code.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
Low
Basic privileges needed
User Interaction
Required
User action required

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-79 Cross-Site Scripting (XSS)

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Leefish File_Thingie
cpe:2.3:a:leefish:file_thingie:2.5.7:*:*:*:*:*:*:*

References 2

https://github.com/SpeWnz/Vulnerability-Research/tree/main/CVE-2026-30578
cve@mitre.org
https://github.com/leefish/filethingie
cve@mitre.org
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-30580

Leefish

4.3

CVE-2026-30579

Payload

6.5