Unrated severityNVD Advisory· Published May 23, 2025· Updated May 23, 2025

CVE-2025-44998

Description

A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.

Affected products

TinyFileManager/TinyFileManagerdescription
Tiny File Manager/Tinyfilemanagerllm-fuzzy
Range: = 2.4.7

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000