Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all.
7.5CVSS
7.3AI Score
0.018EPSS
Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all.
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
5.9AI Score
0.001EPSS
Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.
6.1CVSS
5.8AI Score
0.001EPSS