MiniGal Nano Reflected Cross-Site Scripting Vulnerability

Vulnerability

A reflected cross-site scripting vulnerability has been identified in MiniGal Nano versions through 0.3.5. The issue resides in index.php, where the dir parameter is processed. The application fails to properly encode user-supplied input before embedding it into an error message, allowing attackers to inject HTML or JavaScript that is reflected back to the user. Exploitation of this vulnerability could result in the execution of arbitrary scripts in the context of the user's browser, within the vulnerable application.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute scripts in the context of the victim's browser session.

Added: Feb 11, 2026, 5:42 PM

Updated: Feb 11, 2026, 6:11 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.2

remediation

0.0

relevance

3.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

1.7

exploitability

6.2

remediation

0.0

relevance

3.0

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

MiniGal Nano Reflected Cross-Site Scripting Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating