Vulnerability Details CVE-2023-53939
TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.7%
CVSS Severity
CVSS v3 Score 5.4
References
Products affected by CVE-2023-53939
-
cpe:2.3:a:tinywebgallery:tinywebgallery:2.5