Executive Summary

The vulnerability exists in the EPUB preview function of File Browser versions prior to 2.62.2. It is a Stored Cross-Site Scripting (XSS) issue where JavaScript code embedded inside a specially crafted EPUB file executes in the browser of anyone who previews that file.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker to execute malicious JavaScript in the context of the victim's browser when they preview a crafted EPUB file. This can lead to unauthorized actions such as stealing sensitive information, hijacking user sessions, or performing actions on behalf of the user without their consent.

Useful 0 Not Useful 0

Mitigation Strategies

To mitigate this vulnerability, upgrade File Browser to version 2.62.2 or later, where the issue has been patched.

Avoid previewing EPUB files from untrusted sources until the update is applied.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows malicious JavaScript embedded in a crafted EPUB file to execute in the victim's browser, leading to theft of sensitive data such as JWT tokens, session hijacking, and privilege escalation.

This exposure of sensitive authentication tokens and potential unauthorized access could lead to violations of data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized access and breaches.

Therefore, if exploited, this vulnerability could compromise compliance with these standards by enabling unauthorized data access and potential data breaches.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves identifying if your File Browser instance is running a version prior to 2.62.2 and if the EPUB preview feature is enabled.

You can check the version of File Browser installed by running a command to query the version, for example:

• filebrowser --version

If the version is 2.62.1 or earlier, your system is vulnerable.

To detect exploitation attempts on your network, you can monitor for uploads of EPUB files and subsequent preview requests. Since the exploit involves uploading a crafted EPUB file containing malicious JavaScript, monitoring upload activity for EPUB files is useful.

Example commands to detect EPUB uploads in server logs (assuming logs are stored in /var/log/filebrowser.log):

• grep ".epub" /var/log/filebrowser.log

Additionally, monitoring HTTP requests for preview actions on EPUB files might help detect attempts to trigger the vulnerability.

Since the vulnerability involves JavaScript execution in the browser, network detection of the exploit payload itself is difficult without inspecting client-side behavior or logs.

The best mitigation and detection is to upgrade File Browser to version 2.62.2 or later, which disables scripted content in EPUB previews.

Useful 0 Not Useful 0