PT-2025-52318 · Unknown · Tinywebgallery

Mirabbas Ağalarov

Published

2025-12-18

Updated

2025-12-24

CVE-2023-53939

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions TinyWebGallery version 2.5

Description TinyWebGallery version 2.5 has a stored cross-site scripting issue. Authenticated attackers can inject malicious scripts through the folder name parameter. Attackers can modify album folder names with script tags, leading to the execution of arbitrary JavaScript when other users view the affected gallery pages. The vulnerable parameter is folder name.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2023-53939

Affected Products

Tinywebgallery

PT-2025-52318 · Unknown · Tinywebgallery

CVE-2023-53939

Weakness Enumeration

Related Identifiers

Affected Products

References · 8