Vulnerability Database

322,129

Total vulnerabilities in the database

CVE-2020-36988

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.

Published: Jan 28, 2026
Updated: Jan 29, 2026
CVE: CVE-2020-36988
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.4
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

No affected software listed.

https://github.com/GuidoNeele/PDW-File-Browser
https://www.exploit-db.com/exploits/48947
https://www.vulncheck.com/advisories/pdw-file-browser-cross-site-scripting-xss

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo