Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Tiles Security Vulnerabilities

cve
cve

CVE-2023-49735

** UNSUPPORTED WHEN ASSIGNED ** The value set as the DefaultLocaleResolver.LOCALE_KEY attribute on the session was not validated while resolving XML definition files, leading to possible path traversal and eventually SSRF/XXE when passing user-controlled data to this key. Passing user-controlled...

7.5CVSS

7.4AI Score

0.001EPSS

2023-11-30 10:15 PM
10
cve
cve

CVE-2023-30969

The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the...

8.2CVSS

6.4AI Score

0.0005EPSS

2023-10-26 12:15 AM
21
cve
cve

CVE-2023-25482

Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2...

8.8CVSS

8.8AI Score

0.001EPSS

2023-07-18 12:15 PM
14
cve
cve

CVE-2023-1426

The WP Tiles WordPress plugin through 1.1.2 does not ensure that posts to be displayed are not draft/private, allowing any authenticated users, such as subscriber to retrieve the titles of draft and privates posts for example. AN attacker could also retrieve the title of any other type of...

6.5CVSS

6.3AI Score

0.001EPSS

2023-04-10 02:15 PM
41
cve
cve

CVE-2022-4827

The WP Tiles WordPress plugin through 1.1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.3AI Score

0.001EPSS

2023-04-10 02:15 PM
22
cve
cve

CVE-2022-0186

The Image Photo Gallery Final Tiles Grid WordPress plugin before 3.5.3 does not sanitise and escape the Description field when editing a gallery, allowing users with a role as low as contributor to perform Cross-Site Scripting attacks against other users having access to the gallery...

5.4CVSS

5.2AI Score

0.001EPSS

2022-02-21 11:15 AM
82
cve
cve

CVE-2020-14962

Multiple XSS vulnerabilities in the Final Tiles Gallery plugin before 3.4.19 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Title (aka imageTitle) or Caption (aka description) field of an image to...

5.4CVSS

5.4AI Score

0.001EPSS

2020-06-22 12:15 AM
35
cve
cve

CVE-2009-1275

Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other products, evaluates Expression Language (EL) expressions twice in certain circumstances, which allows remote attackers to conduct cross-site scripting (XSS) attacks or obtain sensitive information via unspecified vectors, related to....

5.7AI Score

0.005EPSS

2009-04-09 03:08 PM
30