Lucene search

K

Tinywebgallery Security Vulnerabilities

cve
cve

CVE-2024-24870

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through...

6.5CVSS

5.4AI Score

0.0004EPSS

2024-02-05 06:15 AM
10
cve
cve

CVE-2023-7069

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

5.2AI Score

0.0004EPSS

2024-02-01 04:15 AM
16
cve
cve

CVE-2023-51690

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through...

6.5CVSS

5.5AI Score

0.0004EPSS

2024-02-01 11:15 AM
9
cve
cve

CVE-2023-4775

The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS

5.3AI Score

0.001EPSS

2023-11-13 08:15 AM
18
cve
cve

CVE-2011-3810

TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by...

6.3AI Score

0.002EPSS

2022-10-03 04:15 PM
19
cve
cve

CVE-2021-24953

The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting...

6.1CVSS

6AI Score

0.001EPSS

2022-03-07 09:15 AM
57
cve
cve

CVE-2013-2631

TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page...

5.3CVSS

5AI Score

0.007EPSS

2020-02-03 03:15 PM
19
cve
cve

CVE-2012-2931

PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php...

7.2CVSS

7AI Score

0.002EPSS

2020-01-09 09:15 PM
29
cve
cve

CVE-2014-5014

The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in...

9.8CVSS

9.6AI Score

0.002EPSS

2018-04-25 05:29 PM
20
cve
cve

CVE-2017-16635

In TinyWebGallery v2.4, an XSS vulnerability is located in the mkname, mkitem, and item parameters of the Add/Create module. Remote attackers with low-privilege user accounts for backend access are able to inject malicious script codes into the TWG Explorer item listing. The request method to...

5.4CVSS

5.5AI Score

0.001EPSS

2017-11-06 10:29 PM
30
cve
cve

CVE-2012-2932

Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to...

5.8AI Score

0.002EPSS

2015-04-24 02:59 PM
23
cve
cve

CVE-2012-2930

Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in...

7.8AI Score

0.004EPSS

2015-04-24 02:59 PM
18
cve
cve

CVE-2012-5347

TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code via shell metacharacters in the command parameter to (1) inc/filefunctions.inc or (2)...

8.1AI Score

0.28EPSS

2012-10-09 03:55 PM
21
cve
cve

CVE-2009-1911

Directory traversal vulnerability in .include/init.php (aka admin/_include/init.php) in QuiXplorer 2.3.2 and earlier, as used in TinyWebGallery (TWG) 1.7.6 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to...

7.3AI Score

0.81EPSS

2009-06-04 04:30 PM
29
cve
cve

CVE-2007-4958

Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this information is unknown; the...

5.8AI Score

0.002EPSS

2007-09-18 10:17 PM
26
cve
cve

CVE-2006-4166

PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the image parameter to (1) image.php or (2)...

8AI Score

0.147EPSS

2006-08-16 10:04 PM
17
cve
cve

CVE-2006-1802

Cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4 allows remote attackers to inject arbitrary web script or HTML via the twg_album...

5.7AI Score

0.006EPSS

2006-04-18 10:02 AM
16