Vulnerabilities > Tinywebgallery

DATE CVE VULNERABILITY TITLE RISK
2024-02-05 CVE-2024-24870 Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.10.
network
low complexity
tinywebgallery CWE-79
5.4
2024-02-01 CVE-2023-51690 Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS.This issue affects Advanced iFrame: from n/a through 2023.8.
network
low complexity
tinywebgallery CWE-79
5.4
2024-02-01 CVE-2023-7069 Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
tinywebgallery CWE-79
5.4
2023-11-13 CVE-2023-4775 Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes.
network
low complexity
tinywebgallery CWE-79
5.4
2022-03-07 CVE-2021-24953 Cross-site Scripting vulnerability in Tinywebgallery Advanced Iframe
The Advanced iFrame WordPress plugin before 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue
4.3
2020-02-03 CVE-2013-2631 Information Exposure vulnerability in Tinywebgallery
TinyWebGallery (TWG) 1.8.9 and earlier contains a full path disclosure vulnerability which allows remote attackers to obtain sensitive information through the parameters "twg_browserx" and "twg_browsery" in the page image.php.
network
low complexity
tinywebgallery CWE-200
5.0
2020-01-09 CVE-2012-2931 Injection vulnerability in Tinywebgallery
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
network
low complexity
tinywebgallery CWE-74
6.5
2018-04-25 CVE-2014-5014 Command Injection vulnerability in Tinywebgallery Wordpress Flash Uploader
The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
network
low complexity
tinywebgallery CWE-77
7.5
2017-11-06 CVE-2017-16635 Cross-site Scripting vulnerability in Tinywebgallery 2.4
In TinyWebGallery v2.4, an XSS vulnerability is located in the `mkname`, `mkitem`, and `item` parameters of the `Add/Create` module.
3.5
2015-04-24 CVE-2012-2932 Cross-site Scripting vulnerability in Tinywebgallery
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php.
4.3