CVE-2025-44998

Medium CVSS: 6.1

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.

Vendor

Prasathmani

Product

Tiny File Manager

CWE

CWE-79

Yayın Tarihi

2025-05-23 19:15:22

Güncelleme

2025-12-31 19:43:08

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-79 Tiny File Manager MEDIUM Prasathmani 2025

Referanslar

https://github.com/l8BL/CVE-2025-44998 https://github.com/prasathmani/tinyfilemanager

Benzer Kayıtlar

Medium

CVE-2025-46651

Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due…

Medium

CVE-2025-15138

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of…

Medium

CVE-2022-40490

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerabil…

Critical

CVE-2022-40916

Tiny File Manager v2.4.7 and below is vulnerable to session fixation.