CVE-2013-2631
The CVE-2013-2631 issue affects TinyWebGallery (TWG) versions
Cross site scripting
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script code into the TWG Explorer item listing. The request method to...
CVE-2017-16635
In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script code into the TWG Explorer item listing. The request method to...
CVE-2012-2930
TinyWebGallery (TWG) versions before 1.8.8 are affected by CVE-2012-2930, CVE-2012-2931 and CVE-2012-2932. The root cause is insufficient validation and CSRF protection in admin/index.php; these vulnerabilities enable an authenticated admin session to perform actions (e.g., add a user) vi...
CVE-2012-2932
CVE-2012-2932 affects TinyWebGallery (TWG) prior to 1.8.8. The vulnerabilities include: XSS via the selitems[] parameter for admin/index.php actions copy, chmod, or arch, and via the searchitem parameter for the search action; and related issues involving input returned to the administrator’s bro...
CVE-2011-3810
TinyWebGallery (TWG) 1.8.3 is vulnerable to an information-disclosure flaw: a remote attacker can trigger a direct request to a PHP file (e.g., i_frames/i_register.php) and cause an error message to reveal the installation path. The vulnerability affects the confidentiality of the system (PARTIAL...
CVE-2007-4958
CVE-2007-4958 affects TinyWebGallery (TWG) 1.6.3.4. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via the URI for index.php, i_frames/i_login.php, and i_frames/i_top_tags.php. The underlying cause is ...