CVE-2026-25868 - MiniGal Nano <= 0.3.5 reflected xss via dir parameter

CVE ID : CVE-2026-25868 Published : Feb. 11, 2026, 4:16 p.m. | 1 hour, 7 minutes ago Description : MiniGal Nano version 0.3.5 and prior contain a reflected cross-site scripting (XSS) vulnerability in index.php via the dir parameter. The application constructs $currentdir from user-controlled input and embeds it into an error message without output encoding, allowing an attacker to supply HTML/JavaScript that is reflected in the response. Successful exploitation can lead to execution of arbitrary script in a victim's browser in the context of the vulnerable application. Severity: 5.1 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...