Medium severity5.4NVD Advisory· Published Sep 15, 2021· Updated Jun 17, 2026
CVE-2021-40966
CVE-2021-40966
Description
A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- TinyFileManager/TinyFileManagerdescription
- Range: <=2.4.6
- Range: <=2.4.6
Patches
Vulnerability mechanics
References
1- gist.github.com/omriinbar/953368dcdd9e5eeefd83920166099528nvdThird Party Advisory
News mentions
0No linked articles in our index yet.