Cross-Site Scripting Vulnerabilities in TinyWebGallery by TinyWebGallery
CVE-2012-2932
Currently unrated
What is CVE-2012-2932?
TinyWebGallery versions earlier than 1.8.8 are prone to multiple cross-site scripting (XSS) vulnerabilities. Attackers could exploit these weaknesses to inject arbitrary web scripts or HTML into the application. This can occur through various parameters, such as selitems[] during copy, chmod, or arch actions targeting admin/index.php, and via the searchitem parameter during search actions. Effective security measures must be implemented to prevent unauthorized script injection and protect sensitive user data.