Security Advisory

CVE-2021-40966

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-09-15 17:10:32

Last updated 2024-08-04 02:59:30

Assigner mitre

State PUBLISHED

Description

A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.

← Browse all CVEs View on cve.org ↗