Cross-Site Scripting in TinyWebGallery by TinyWebGallery
CVE-2006-1802

Currently unrated

Key Information:

Vendor: Tinywebgallery
Status: Tinywebgallery
Vendor: CVE Published:; 18 April 2006

🔔 Create Tinywebgallery Vulnerability Alert

What is CVE-2006-1802?

The vulnerability is found in the index.php file of TinyWebGallery versions 1.3 and 1.4. It allows remote attackers to exploit the application by injecting arbitrary web script or HTML through the 'twg_album' parameter. This could potentially compromise user data, manipulate content, or redirect users to malicious sites, posing significant risks to web application security.

References

http://www.vupen.com/english/advisories/2006/1369

vdb-entryx_refsource_VUPEN

http://securityreason.com/securityalert/717

third-party-advisoryx_refsource_SREASON

http://www.securityfocus.com/archive/1/431069/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 18, 2006
Vulnerability Reserved
Apr 17, 2006

JSON