# CVE-2026-29971

> Vulnerability · severity: **MEDIUM** (CVSS 6.1).

## Description

A reflected cross-site scripting (XSS) vulnerability exists in WebFileSys version before 2.32.0 and fixed in v.2.32.0. User-controlled input is reflected into HTML and JavaScript contexts without proper output encoding, allowing arbitrary JavaScript execution in the victim's browser via the ftpBackup functionality, authentication input handling, search functionality, and error message rendering components

## Key facts

- **CVE ID:** CVE-2026-29971
- **Published:** 2026-04-27
- **CVSS severity:** MEDIUM
- **CVSS base score:** 6.1
- **CWE codes:** CWE-79

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-29971

## Citation

> AI Analytics. CVE-2026-29971. Retrieved 2026-07-16 from https://api.ai-analytics.org/cve/CVE-2026-29971. Derived from NIST NVD. Licensed CC0.

---

*[Dataset catalog](https://api.ai-analytics.org/datasets/) · [AI Analytics](https://api.ai-analytics.org/) · CC0 1.0*