123 matches found
tinywebgallery.com XSS vulnerability
Open Bug Bounty ID: OBB-610251

Description | Value
---|---
Affected Website: | tinywebgallery.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79
CVSSv3 Score: | 6.1...
TinyWebGallery Add/Create Module Cross-Site Scripting Vulnerability
TinyWebGallery (TWG) is an open-source photo album based on Ajax, PHP and XML, developed by software developer Michael Dempfle. It provides text and image watermarking, slide shows, image uploading and management features. The Add/Create module is one of its modules. A cross-site...
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
Cross site scripting
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...
CVE-2017-16635
TinyWebGallery v2.4 is affected by a Cross-Site Scripting (XSS) vulnerability in the Add/Create module. The issue resides in the mkname, mkitem, and item parameters, allowing remote attackers with low-privilege backend access to inject script code into the TWG Explorer item listing. The attack us...
TinyWebGallery v2.4 (TWGE) - Persistent XSS Vulnerability
Document Title:
===============
TinyWebGallery v2.4 (TWGE) - Persistent XSS Vulnerability

References (Source):
====================
https://www.vulnerability-lab.com/getcontent.php?id=1997
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16635...
CVE-2012-2932
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php...
CVE-2012-2930
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php...
CVE-2012-2932
CVE-2012-2932 affects TinyWebGallery (TWG) prior to 1.8.8. The vulnerabilities include: XSS via the selitems[] parameter for admin/index.php actions copy, chmod, or arch, and via the searchitem parameter for the search action; and related issues involving input returned to the administrator’s bro...
CVE-2012-2930
TinyWebGallery (TWG) is affected by CVE-2012-2930, CVE-2012-2931 and CVE-2012-2932, with TWG versions before 1.8.8. The root cause is insufficient validation and CSRF protections in admin/index.php vulnerabilities that enable an authenticated admin session to perform actions (e.g., add a user) vi...
TinyWebGallery Local File Inclusion Vulnerability
TinyWebGallery (TWG) is an open-source photo album based on Ajax, PHP and XML, developed by software developer Michael Dempfle. It provides text and image watermarking, slide shows, image uploading and management, and other functions. A local file inclusion vulnerability exists in TWG that stems fr...
TinyWebGallery Cross-Site Scripting Vulnerability
TinyWebGallery (TWG) is an open-source photo album based on Ajax, PHP and XML, developed by software developer Michael Dempfle. It provides text and image watermarking, slide shows, image uploading and management, and other functions. A cross-site scripting vulnerability exists in TWG that stems fr...
TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit
No description provided by source.

<?php
/*
-----------------------------------------------------------
TinyWebGallery <= 1.7.6 LFI / Remote Code Execution Exploit
-----------------------------------------------------------
author...: EgiX
mail.....: n0b0d13satgmaildotcom
link.....:...