Lucene search

[email protected]CVE-2012-2932

HistoryApr 24, 2015 - 2:59 p.m.

CVE-2012-2932

2015-04-2414:59:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2012-2932

cross-site scripting

xss

tinywebgallery

twg

remote attackers

web script

html

injection

vulnerabilities

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the selitems[] parameter in a (1) copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php.

Affected configurations

NVD

Node

tinywebgallerytinywebgalleryRange≤1.8.6

CPENameOperatorVersion
tinywebgallery:tinywebgallerytinywebgalleryle1.8.6

CPE	Name	Operator	Version
tinywebgallery:tinywebgallery	tinywebgallery	le	1.8.6

References

osvdb.org/82962

www.securityfocus.com/bid/54019

www.tinywebgallery.com/forum/web-photo-gallery-news-f14/twg-1-8-8-is-available-t3274.html

www.htbridge.com/advisory/HTB23093

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

64.9%

JSON

Related for CVE-2012-2932

prion1 cvelist1 nvd1 htbridge1 securityvulns2