Vulnerabilities > Tinywebgallery
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-05 | CVE-2024-24870 | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10. | 5.4 |
| 2024-02-01 | CVE-2023-51690 | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8. | 5.4 |
| 2024-02-01 | CVE-2023-7069 | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2023-11-13 | CVE-2023-4775 | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. | 5.4 |
| 2022-03-07 | CVE-2021-24953 | Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue | 6.1 |
| 2020-02-03 | CVE-2013-2631 | Information Exposure vulnerability in Tinywebgallery TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php. | 5.3 |
| 2020-01-09 | CVE-2012-2931 | Injection vulnerability in Tinywebgallery PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file. | 7.2 |
| 2018-04-25 | CVE-2014-5014 | Command Injection vulnerability in Tinywebgallery Wordpress Flash Uploader The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | 9.8 |
| 2017-11-06 | CVE-2017-16635 | Cross-site Scripting vulnerability in Tinywebgallery 2.4 In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module. | 5.4 |