CNNVD-202512-3381 Information
Dec 18, 2025
cve
CNNVD ID
CNNVD-202512-3381
Related CVE
- CNNVD Published: 2025-12-18
Description (Chinese)
TinyWebGallery是TinyWebGallery开源的一个PHP相册系统。 TinyWebGallery v2.5版本存在安全漏洞,该漏洞源于存储型跨站脚本漏洞,可能导致执行任意JavaScript。
Description (English)
TinyWebGallery is an open-source PHP album system for TinyWebGalley. There is a security loophole in TinyWebGallery v. 2.5, which stems from a storage-type cross-site script loophole that could lead to the implementation of any JavaScript.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
TinyWebGallery
Published
2025-12-18
Last Modified
2026-02-24
References
http://www.tinywebgallery.com/ https://www.exploit-db.com/exploits/51442 https://www.vulncheck.com/advisories/tinywebgallery-stored-cross-site-scripting-via-folder-name-parameter
Patch
https://www.tinywebgallery.com/en/download.php
Share on: