
CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Jun 2018 — Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen. • https://gist.github.com/prafagr/bd641fcfe71661065e659672c737173b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

08 Jun 2018 — Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section. • https://gist.github.com/priyanksethi/08fb93341cf7e61344aad5c4fee3aa9b • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 • EPSS: 50% • CPEs: 1 • EXPL: 4

29 Mar 2018 — Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. TwonkyMedia Server version 7.0.11-8.5 suffers from a dir... • https://packetstorm.news/files/id/146938 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 3

29 Mar 2018 — Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. TwonkyMedia Server version 7.0.11-8.5 suffers from a persistent cross site scripting vulnerability. • https://packetstorm.news/files/id/146939 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')