CVE-2025-1983

A cross-site scripting (XSS) vulnerability in Ready_'s File Explorer upload functionality allows injection of arbitrary JavaScript code in filename. Injected content is stored on server and is executed every time a user interacts with the uploaded file. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt