VYPR
Unrated severityNVD Advisory· Published Feb 11, 2026· Updated Mar 5, 2026

MiniGal Nano <= 0.3.5 Reflected XSS via dir Parameter

CVE-2026-25868

Description

MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply HTML/JavaScript that is reflected in the response. Successful exploitation can lead to execution of arbitrary script in a victim's browser in the context of the vulnerable application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Minigal/Minigalllm-fuzzy2 versions
    <=0.3.5+ 1 more
    • (no CPE)range: <=0.3.5
    • (no CPE)range: 0

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.