CVE-2020-36988 MEDIUM

CVE-2020-36988: PDW File Browser <= v1.3 - Cross-Site Scripting (XSS)

Vendor Guidoneele
Product PDW File Browser
Weakness CWE-79 · XSS
Published January 28, 2026
Last update May 14, 2026

CVSS base score

4.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N

What the vulnerability does

01Description

PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.

Key dates

02Disclosure timeline

January 28, 2026 CVE published
May 14, 2026 Record updated