{"id":"CVE-2022-32167","details":"Cloudreve versions v1.0.0 through v3.5.3 are vulnerable to Stored Cross-Site Scripting (XSS), via the file upload functionality. A low privileged user will be able to share a file with an admin user, which could lead to privilege escalation.","aliases":["GHSA-fg25-gq9g-32mx"],"modified":"2026-03-14T11:46:51.544867Z","published":"2022-09-20T15:15:10.557Z","references":[{"type":"EVIDENCE","url":"https://www.mend.io/vulnerability-database/CVE-2022-32167"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cloudreve/cloudreve","events":[{"introduced":"f46684495ce5d81b11a81f3a74bbc347aecbfca0"},{"last_affected":"0e5683bc3b102a474b03992eb7932ac12643bcd1"}],"database_specific":{"versions":[{"introduced":"1.0.0"},{"last_affected":"3.5.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32167.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}]}