CVE-2022-1000 Path Traversal in prasathmani/tinyfilemanager

Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7...

Cross-site Scripting (XSS) - Generic in prasathmani/tinyfilemanager

✍️ Description Crss site scripting bug exist via file upload 🕵️‍♂️ Proof of Concept 1. Upload a file and capture the request in burpsuite . 2. Now change fullpath parameter value to xss payload in burpsuite and forward the request . and see xss is executed Video poc...