Threat Encyclopedia

Tiny.Web.Gallery.Index.PHP.XSS

description-logoDescription

A cross-site scripting (XSS) vulnerability in index.php in TinyWebGallery 1.3 and 1.4, allows remote attackers to inject an arbitrary web script or HTML via the twg_album parameter.

affected-products-logoAffected Products

TinyWebGallery version 1.4 and prior.

Impact logoImpact

Inject arbitrary web script or HTML.

recomended-action-logoRecommended Actions

Upgrade to TinyWebGallery version 1.4.2 :
http://www.tinywebgallery.com/en/download.htm

CVE References

CVE-2006-1802

Telemetry logoTelemetry