A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.
References
Link | Resource |
---|---|
https://github.com/l8BL/CVE-2025-44998 | Exploit Third Party Advisory |
https://github.com/prasathmani/tinyfilemanager | Product |
Configurations
History
11 Jul 2025, 19:36
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:tinyfilemanager_project:tinyfilemanager:2.4.7:*:*:*:*:*:*:* | |
First Time |
Tinyfilemanager Project tinyfilemanager
Tinyfilemanager Project |
|
References | () https://github.com/l8BL/CVE-2025-44998 - Exploit, Third Party Advisory | |
References | () https://github.com/prasathmani/tinyfilemanager - Product |
28 May 2025, 14:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
23 May 2025, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-05-23 19:15
Updated : 2025-07-11 19:36
NVD link : CVE-2025-44998
Mitre link : CVE-2025-44998
CVE.ORG link : CVE-2025-44998
JSON object : View
Products Affected
tinyfilemanager_project
- tinyfilemanager
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')