tinywebgallery tinywebgallery vulnerabilities and exploits
NA
CVE-2007-4958
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote malicious users to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of this informati...
Tinywebgallery Tinywebgallery 1.6.3.4
5.4
CVSSv3
CVE-2023-51690
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a up to and including 2023.8.
Tinywebgallery Advanced Iframe
5.4
CVSSv3
CVE-2023-7069
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'advanced_iframe' shortcode in all versions up to, and including, 2023.10 due to insufficient input sanitization and output escaping on user supplied attributes. ...
Tinywebgallery Advanced Iframe
5.4
CVSSv3
CVE-2023-4775
The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possi...
Tinywebgallery Advanced Iframe
5.4
CVSSv3
CVE-2024-24870
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a up to and including 2023.10.
Tinywebgallery Advanced Iframe
6.1
CVSSv3
CVE-2021-24953
The Advanced iFrame WordPress plugin prior to 2022 does not sanitise and escape the ai_config_id parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting issue.
Tinywebgallery Advanced Iframe
9.8
CVSSv3
CVE-2014-5014
The WordPress Flash Uploader plugin prior to 3.1.3 for WordPress allows remote malicious users to execute arbitrary commands via vectors related to invalid characters in image_magic_path.
Tinywebgallery Wordpress Flash Uploader