CVE-2025-44998 – TinyFileManager Stored XSS

May 23, 2025

CVE ID : CVE-2025-44998

Published : May 23, 2025, 7:15 p.m. | 1 hour, 38 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46176 – D-Link DIR-605L DIR-816L Telnet Command Injection

Next Article extundelete recovers deleted files from ext3 or ext4 partitions

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-44998 – TinyFileManager Stored XSS

ESET takes part in global operation to disrupt Lumma Stealer

Lumma Stealer: Down for the count

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions

SonicWall urges admins to patch VPN flaw exploited in attacks

Error’d: Charge Me

New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors

JP Morgan AI Research Introduces FlowMind: A Novel Machine Learning Approach that Leverages the Capabilities of LLMs such as GPT to Create an Automatic Workflow Generation System

Combine keyword and semantic search for text and images using Amazon Bedrock and Amazon OpenSearch Service

CVE-2025-3823 – SourceCodester Web-based Pharmacy Product Management System Cross-Site Scripting Vulnerability

CVE-2025-44998 – TinyFileManager Stored XSS

Related Posts