CVE-2026-30579

{"id": "CVE-2026-30579", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.7, "exploitabilityScore": 2.3}]}, "published": "2026-03-20T18:16:13.323", "references": [{"url": "https://github.com/SpeWnz/Vulnerability-Research/tree/main/CVE-2026-30579", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/leefish/filethingie", "tags": ["Product"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "File Thingie 2.5.7 is vulnerable to Cross Site Scripting (XSS). A malicious user can leverage the \"upload file\" functionality to upload a file with a crafted file name used to trigger a Javascript payload."}, {"lang": "es", "value": "File Thingie 2.5.7 es vulnerable a Cross Site Scripting (XSS). Un usuario malicioso puede aprovechar la funcionalidad de 'subir archivo' para subir un archivo con un nombre de archivo manipulado utilizado para activar una carga \u00fatil de Javascript."}], "lastModified": "2026-04-01T19:01:22.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:leefish:file_thingie:2.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEFFC71B-7FE1-4570-AA17-5E9E300B8EA9"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}