TinyWebGallery Cross Site Scripting And Local File Include Vulnerabilities Network Vulnerability

Summary

TinyWebGallery is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user- supplied input. A remote attacker may leverage the cross-site scripting issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. Exploiting the local file-include issue allows the attacker to view and subsequently execute local files within the context of the webserver process. TinyWebGallery 1.8.3 is vulnerable other versions may also be affected.

Solution

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

References

http://www.tinywebgallery.com/en/overview.php
https://www.securityfocus.com/bid/46086

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache Struts Cross Site Scripting Vulnerability
Ampache Reflected Cross Site Scripting Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
@Mail WebMail Email Body HTML Injection Vulnerability

TinyWebGallery Cross Site Scripting and Local File Include Vulnerabilities

Take action and discover your vulnerabilities