Cross-Site Scripting Vulnerabilities in TinyWebGallery by TinyWebGallery
CVE-2012-2932

Currently unrated

Key Information:

Vendor

Tinywebgallery

Status
Tinywebgallery
Vendor
CVE Published:
24 April 2015

What is CVE-2012-2932?

TinyWebGallery versions earlier than 1.8.8 are prone to multiple cross-site scripting (XSS) vulnerabilities. Attackers could exploit these weaknesses to inject arbitrary web scripts or HTML into the application. This can occur through various parameters, such as selitems[] during copy, chmod, or arch actions targeting admin/index.php, and via the searchitem parameter during search actions. Effective security measures must be implemented to prevent unauthorized script injection and protect sensitive user data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.tinywebgallery.com/forum/web-photo-gallery-new...
x_refsource_CONFIRM
https://www.htbridge.com/advisory/HTB23093
x_refsource_MISC
http://www.securityfocus.com/bid/54019
vdb-entryx_refsource_BID

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.