CVE-2025-51662
📋 TL;DR
A stored cross-site scripting vulnerability in FileCodeBox versions 2.2 and earlier allows attackers to inject malicious JavaScript into shared text content. When a user opens such a codebox through its link or share code, the payload executes automatically in their browser. This affects all users of vulnerable FileCodeBox instances.
💻 Affected Systems
- FileCodeBox
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or deploy malware through drive-by downloads.
Likely Case
Session hijacking, credential theft, defacement of shared content, or redirection to phishing sites targeting FileCodeBox users.
If Mitigated
Limited impact with proper content security policies and input validation, potentially only affecting the specific infected codebox content.
🎯 Exploit Status
Exploitation requires creating or modifying a codebox with a malicious payload; no authentication is needed for basic XSS injection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.3 or later
Vendor Advisory: https://github.com/vastsa/FileCodeBox/issues/351
Restart Required: Yes
Instructions:
1. Back up your FileCodeBox data and configuration.
2. Update to FileCodeBox version 2.3 or later from the official GitHub repository.
3. Restart the FileCodeBox service.
4. Verify the fix by testing XSS payloads in the text sharing feature.
🔧 Temporary Workarounds
Disable text sharing feature
Temporarily disable the vulnerable text sharing functionality until patching is possible.
Modify the configuration to disable codebox creation or restrict access to the sharing endpoints.
Implement WAF rules
Add web application firewall rules to block XSS payloads in text sharing requests.
Add rules to detect and block script tags, JavaScript event handlers, and common XSS patterns in POST/PUT requests to the sharing endpoints.
🧯 If You Can't Patch
- Implement strict Content Security Policy headers to block inline script execution
- Enable input validation and output encoding at the application layer for all user-supplied text
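The two mitigations above, output encoding and a strict Content Security Policy, shown side by side as an added example. This is not FileCodeBox's own code: the page template, the view function `serve_codebox` and the sample text are constructed here to stand in for a codebox view. The vulnerable renderer interpolates user text into the page unchanged; the hardened renderer HTML-encodes it, and the response also carries a nonce-based CSP so that an inline script without the per-response nonce is refused by the browser even if an encoding gap is found later.

```python
import html
import secrets

# Constructed sample input, not taken from the advisory's data: the advisory's
# own <script> test payload plus an event-handler variant, as a user might
# submit it in a shared text box.
SAMPLE_TEXT = "notes: <script>alert('XSS')</script> <img src=x onerror=alert(1)>"

# Minimal page shell standing in for the codebox view (hypothetical; this is
# not FileCodeBox's real template). The app's own script carries the CSP nonce.
PAGE_TEMPLATE = (
    "<!doctype html><html><head><meta charset=\"utf-8\">"
    "<title>Shared text</title></head><body>"
    "<pre id=\"content\">{content}</pre>"
    "<script nonce=\"{nonce}\">document.title = 'Shared text';</script>"
    "</body></html>"
)


def render_vulnerable(text: str, nonce: str) -> str:
    """Vulnerable pattern: user text is interpolated into the HTML unchanged,
    so the browser parses a submitted <script> tag as markup and runs it."""
    return PAGE_TEMPLATE.format(content=text, nonce=nonce)


def render_hardened(text: str, nonce: str) -> str:
    """Hardened pattern: output-encode the user text for an HTML text context.
    html.escape(quote=True) rewrites & < > " ' so the payload is displayed
    literally instead of being parsed as markup."""
    return PAGE_TEMPLATE.format(content=html.escape(text, quote=True), nonce=nonce)


def csp_headers(nonce: str) -> dict:
    """Defence-in-depth response headers. With a nonce-only script-src, any
    inline script that lacks this response's nonce is not executed by the
    browser. The nonce must be freshly generated for every response."""
    return {
        "Content-Security-Policy": (
            "default-src 'self'; "
            f"script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'self'; frame-ancestors 'none'"
        ),
        "X-Content-Type-Options": "nosniff",
    }


def new_nonce() -> str:
    """Unpredictable per-response nonce (128 bits from the OS CSPRNG)."""
    return secrets.token_urlsafe(16)


def serve_codebox(text: str, hardened: bool = True) -> tuple:
    """Assemble a response the way a codebox view handler would: body plus
    headers. hardened=False reproduces the vulnerable behaviour for comparison."""
    nonce = new_nonce()
    body = render_hardened(text, nonce) if hardened else render_vulnerable(text, nonce)
    return body, csp_headers(nonce)


if __name__ == "__main__":
    body, headers = serve_codebox(SAMPLE_TEXT)
    print(headers["Content-Security-Policy"])
    print(body)
```

Encoding at output time is the actual fix; the CSP is the safety net. Note that `html.escape` is correct for text placed between tags, as here; text placed inside an attribute, a URL or a script block needs the encoding appropriate to that context instead.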
🔍 How to Verify
Check if Vulnerable:
Test by creating a codebox with a simple XSS payload like <script>alert('XSS')</script> and accessing it via share link.
Check Version:
Check the FileCodeBox version in the web interface or configuration files; look for version 2.2 or earlier.
Verify Fix Applied:
After updating, attempt the same XSS test; the payload should be properly sanitized and not execute.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to sharing endpoints with script tags or JavaScript code
- Multiple failed XSS attempts in application logs
Network Indicators:
- HTTP requests containing common XSS payload patterns to /share or /codebox endpoints
SIEM Query:
source="filecodebox.log" AND ("<script>" OR "javascript:" OR "onerror=" OR "onload=")
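The log indicators and SIEM query above, turned into a small scanner run over sample log lines, as an added example (not part of the advisory or of FileCodeBox). The log format, the `/share` path prefix and the five sample lines are constructed for the example. It goes a little beyond the query's four literals, on purpose: request bodies are URL-decoded first and the patterns match case-insensitively, because a literal, case-sensitive match on the raw log line misses an encoded or mixed-case submission. The literal query is kept alongside as a baseline so the difference is visible on the sample.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample log lines, not real FileCodeBox output. Assumed format:
# "<timestamp> <method> <path> <status> body=<raw request body>". The /share
# prefix stands in for the sharing endpoints named in the advisory.
SAMPLE_LOG = """\
2025-07-01T10:00:01Z POST /share/text 200 body=text=hello+world
2025-07-01T10:00:02Z POST /share/text 200 body=text=%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E
2025-07-01T10:00:03Z POST /share/text 200 body=text=%3CIMG+SRC%3Dx+OnErRoR%3Dalert%281%29%3E
2025-07-01T10:00:04Z GET /share/select?code=12345 200 body=
2025-07-01T10:00:05Z POST /share/text 200 body=text=see+https%3A%2F%2Fexample.test%2Fpage
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<method>[A-Z]+) (?P<path>\S+) (?P<status>\d{3}) body=(?P<body>.*)$"
)

# Case-insensitive generalisations of the SIEM query's literals: any on*=
# handler rather than only onerror/onload, and optional whitespace.
XSS_PATTERNS = [
    ("script_tag", re.compile(r"<\s*script\b", re.I)),
    ("javascript_uri", re.compile(r"javascript\s*:", re.I)),
    ("event_handler", re.compile(r"\bon[a-z]+\s*=", re.I)),
]

# The SIEM query's own literals, kept as a case-sensitive baseline.
SIEM_LITERALS = ("<script>", "javascript:", "onerror=", "onload=")


def parse_line(line: str):
    """Split one log line into its fields, or return None if it does not fit."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def decode_body(raw: str, rounds: int = 2) -> str:
    """URL-decode the body. A second pass catches a double-encoded submission
    that a single decode (or a raw literal match) would leave unreadable."""
    text = raw
    for _ in range(rounds):
        nxt = unquote_plus(text)
        if nxt == text:
            break
        text = nxt
    return text


def literal_query_matches(decoded: str) -> bool:
    """What the page's SIEM query would flag on an already-decoded body."""
    return any(lit in decoded for lit in SIEM_LITERALS)


def scan_log(log_text: str, endpoint_prefixes=("/share",)) -> list:
    """Return one record per write request (POST/PUT) to a sharing endpoint
    whose decoded body matches an XSS indicator. Hits are review candidates,
    not verdicts: FileCodeBox shares arbitrary text, so a user may legitimately
    paste HTML or JavaScript."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["method"] not in ("POST", "PUT"):
            continue
        if not rec["path"].startswith(endpoint_prefixes):
            continue
        decoded = decode_body(rec["body"])
        indicators = [name for name, rx in XSS_PATTERNS if rx.search(decoded)]
        if indicators:
            hits.append({
                "ts": rec["ts"],
                "path": rec["path"],
                "indicators": indicators,
                "decoded": decoded,
                "literal_query_hit": literal_query_matches(decoded),
            })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit["ts"], hit["path"], hit["indicators"],
              "literal-query:", hit["literal_query_hit"])
```

On the sample, the scanner flags both the plain `<script>` submission and the mixed-case `OnErRoR=` one, while the literal baseline only flags the first; that gap is the reason to decode and match case-insensitively in the SIEM rule rather than relying on the four exact strings. Pair the hits with subsequent reads of the same share code from other client addresses to separate a self-test from a payload actually reaching other users.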