TinyFileManager is a web-based file manager used to store, upload, edit and manage files and folders online via a web browser. It is used to store, upload, edit and manage files and folders online via a Web browser. A cross-site scripting vulnerability exists in TinyFileManager 2.4.6 and all versions below, which stems from the softwareβs lack of valid validation and escaping of parameters. When the server is given a file that contains HTML and javascript names. An attacker could exploit the vulnerability to upload a file with a malicious filename containing javascript code, which will run on any userβs browser when the user accesses the server.
CPE | Name | Operator | Version |
---|---|---|---|
tinyfilemanager tinyfilemanager | le | 2.4.6 |