← Back to CVEs
CVE-2020-36988
MEDIUM5.4
Description
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
CVE Details
CVSS v3.1 Score5.4
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionREQUIRED
Published1/28/2026
Last Modified1/29/2026
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-79
References
https://github.com/GuidoNeele/PDW-File-Browser(disclosure@vulncheck.com)
https://www.exploit-db.com/exploits/48947(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/pdw-file-browser-cross-site-scripting-xss(disclosure@vulncheck.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.