CVE-2023-53939

Sažetak

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.

Reference

http://www.tinywebgallery.com/
https://www.exploit-db.com/exploits/51442
https://www.vulncheck.com/advisories/tinywebgallery-stored-cross-site-scripting-via-folder-name-parameter
https://www.exploit-db.com/exploits/51442

CVSS

Base:	5.4
Impact:	2.7
Exploitability:	2.3

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	LOW	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Zadnje važnije ažuriranje

19-12-2025 - 18:00

Objavljeno

18-12-2025 - 20:15