Home

Description

WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.

PUBLISHED Reserved 2026-01-11 | Published 2026-02-01 | Updated 2026-02-02 | Assigner VulnCheck




MEDIUM: 5.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
MEDIUM: 6.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Problem types

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Product status

Default status
unaffected

1.0.8
affected

Credits

Vulnerability-Lab [Research Team] finder

References

www.vulnerability-lab.com/get_content.php?id=2322 (Vulnerability Lab Advisory) exploit

play.google.com/...=com.dooblou.WiFiFileExplorerPRO&hl=en_US (Product Homepage) product

www.vulncheck.com/...ent-xss-via-web-server-input-validation (VulnCheck Advisory: WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation) third-party-advisory

cve.org (CVE-2022-50951)

nvd.nist.gov (CVE-2022-50951)

Download JSON