CVE-2025-34281 | ThingsBoard up to 4.2.0 Upload Gallery Feature cross site scripting

A vulnerability was found in ThingsBoard up to 4.2.0 and classified as problematic. This affects an unknown part of the component Upload Gallery Feature. Executing manipulation can lead to cross site scripting.

This vulnerability is registered as CVE-2025-34281. It is possible to launch the attack remotely. No exploit is available.

It is suggested to upgrade the affected component.VulDB Recent EntriesRead More