CVE-2025-44998 – TinyFileManager Stored XSS

May 23, 2025

CVE ID : CVE-2025-44998

Published : May 23, 2025, 7:15 p.m. | 1 hour, 38 minutes ago

Description : A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46176 – D-Link DIR-605L DIR-816L Telnet Command Injection

Next Article extundelete recovers deleted files from ext3 or ext4 partitions

Droip: The Modern Website Builder WordPress Needed

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

“One of the best and most premium charging accessories” — Razer Universal Quick Charging Stand for Xbox is 40% off

AI and Digital Trends Marketing and IT Leaders Need to Know

AI and Digital Trends Marketing and IT Leaders Need to Know

Blade Authorization Directives for View Security

Laravel AI Chat Starter Kit

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

There’s a massive 42% Amazon Prime Day discount on the Razer DeathAdder V3 Pro — One of the best gaming mice we gave a near-perfect score to

This 360Hz QD-OLED monitor is more than magnificent — and it’s $280 off right now

Diablo 4, one of Blizzard’s best Xbox games, is now 64% off — a devilish Anti-Amazon Prime Day discount that’s worth taking over Amazon’s deals

CVE-2025-44998 – TinyFileManager Stored XSS

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

CVE-2025-49859 – Etuel WP Views Counter Cross-Site Scripting (XSS)

Researchers Detail Zero-Click Copilot Exploit ‘EchoLeak’

CVE-2025-3841 – Wix Incubator Jam Jinja2 Template Handler Template Injection Vulnerability

Agile vs Scrum: A Clear Guide to Choosing the Right Approach

CVE-2025-49295 – Mikado-Themes MediClinic Path Traversal PHP Local File Inclusion

CVE-2025-5484 – SinoTrack Default Password Vulnerability (Weak Authentication)

Pixtral Large is now available in Amazon Bedrock

Identifying AI-generated images with SynthID

CVE-2025-44998 – TinyFileManager Stored XSS

Related Posts