CVE-2022-40490

CVE-2022-40490

Vendor N/A
Product n/a
Weakness CWE-79 · XSS
Published February 6, 2025
Last update August 20, 2025
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

Tiny File Manager v2.4.7 and below was discovered to contain a Cross Site Scripting (XSS) vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the name of an uploaded or already existing file.

Key dates

02Disclosure timeline

February 6, 2025 CVE published
August 20, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-10181 Newsletters <= 4.9.9.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via newsletters_video Shortcode CVE-2024-56254 WordPress Move Addons for Elementor plugin <= 1.3.6 - Cross Site Scripting (XSS) vulnerability CVE-2025-46483 WordPress Peadig’s Google +1 Button plugin <= 0.1.2 - Cross Site Scripting (XSS) Vulnerability CVE-2023-41242 WordPress Snap Pixel Plugin <= 1.5.7 is vulnerable to Cross Site Scripting (XSS) CVE-2023-44986 WordPress Abandoned Cart Lite for WooCommerce Plugin <= 5.15.2 is vulnerable to Cross Site Scripting (XSS)