Vulnerabilities > Lynxtechnology > Twonky Server > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-08 | CVE-2018-9182 | Cross-site Scripting vulnerability in Lynxtechnology Twonky Server Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. | 6.1 |
| 2018-06-08 | CVE-2018-9177 | Cross-site Scripting vulnerability in Lynxtechnology Twonky Server Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. | 6.1 |
| 2018-03-30 | CVE-2018-7203 | Cross-site Scripting vulnerability in Lynxtechnology Twonky Server Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | 6.1 |