CVE-2025-44998 – TinyFileManager Stored XSS

May 23, 2025

CVE ID : CVE-2025-44998

Published : May 23, 2025, 7:15 p.m. | 1 hour, 38 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46176 – D-Link DIR-605L DIR-816L Telnet Command Injection

Next Article extundelete recovers deleted files from ext3 or ext4 partitions

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

The best AirTag alternative for Samsung users is currently 30% off

One of the biggest new features on the Google Pixel 10 is also one of the most overlooked

I tested these viral ‘crush-proof’ Bluetooth speakers, and they’re not your average portables

I compared the best smartwatches from Google and Apple – and there’s a clear winner

MongoDB Data Types

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Microsoft Teams updated with a feature you probably thought already existed — “Can you hear me?” is now a thing of the past

Xbox Game Pass gets Gears of War: Reloaded, Dragon Age: The Veilguard, and more — here’s what is coming through the rest of August

Resident Evil ‘9’ Requiem has some of the most incredible lighting I’ve seen in a game — and Capcom uses it as a weapon

CVE-2025-44998 – TinyFileManager Stored XSS

Blue Locker ransomware hits critical infrastructure – is your organisation ready?

GeoServer Exploits, PolarEdge, and Gayfemboy Push Cybercrime Beyond Traditional Botnets

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

CVE-2025-7769 – Tigo Energy CCA Command Injection Vulnerability

CVE-2022-50218 – Linux Kernel IIO Light Driver Null Pointer Dereference Vulnerability

Google AI Releases MLE-STAR: A State-of-the-Art Machine Learning Engineering Agent Capable of Automating Various AI Tasks

Critical Python Tarfile Flaw (CVE-2025-4517, CVSS 9.4): Arbitrary File Write, PoC Available

CVE-2025-41437 – Zohocorp ManageEngine OpManager Reflected Cross-Site Scripting Vulnerability

CVE-2025-7322 – IrfanView CADImage Plugin DWG File Parsing Out-Of-

Zombie Lane Ahead

CVE-2025-44998 – TinyFileManager Stored XSS

Related Posts