FileRun 2019.05.21 allows XSS via the filename to the ?module=fileman§ion=do&page=up URI. This issue has been fixed in FileRun 2019.06.01.
https://github.com/EmreOvunc/FileRun-Vulnerabilities/issues/3
https://github.com/EmreOvunc/FileRun-Vulnerabilities/
http://packetstormsecurity.com/files/158173/FileRun-2019.05.21-Cross-Site-Scripting.html