MEDIUM
Evoluted
CVE published 2026-06-09
CVE-2026-25557
CVE-2026-25557 is a reflected cross-site scripting vulnerability in Evoluted PHP Directory Listing Script through 4.0.5. The vulnerability exists in the index.php file where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. This allows attackers to inject arbitrary JavaScript via crafted dir parameter va [truncated]