Home / Vulnerability Intelligence / CVE-2026-29971

CVE-2026-29971 - Vulnerability Analysis

N/a

Last Updated: April 27, 2026

WebFileSys - Reflected XSS

Published: April 27, 2026Updated: April 27, 2026PoC Available

Overview

WebFileSys 2.31.1 contains a reflected XSS caused by improper output encoding of user-controlled input in HTML and JavaScript contexts, letting attackers execute arbitrary JavaScript in victim's browser, exploit requires crafted request.

Severity & Score

Severity: N/a

Impact

Attackers can execute arbitrary JavaScript in victim's browser, potentially stealing cookies or performing actions on behalf of the user.

Mitigation

Update to the latest version.

References

https://github.com/Tharooon/CVE-2026-29971/
https://www.webfilesys.de/

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2026-29971
Severity: N/a
Type: reflected_xss
Status: new

CVSS Metrics

N/A