
CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Twonky Server before 8.5.1 has XSS via a modified "language" parameter in the Language section.
• https://gist.github.com/priyanksethi/08fb93341cf7e61344aad5c4fee3aa9b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

Twonky Server before 8.5.1 has XSS via a folder name on the Shared Folders screen.
• https://gist.github.com/prafagr/bd641fcfe71661065e659672c737173b
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 2

Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. TwonkyMedia Server version 7.0.11-8.5 suffers from a persistent cross-site scripting vulnerability.
• https://www.exploit-db.com/exploits/44351
• http://packetstormsecurity.com/files/146939/TwonkyMedia-Server-7.0.11-8.5-Cross-Site-Scripting.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 7.5 | EPSS: 1% | CPEs: 1 | EXPL: 2

Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to share the contents of arbitrary directories via a .. (dot dot) in the contentbase parameter to rpc/set_all. TwonkyMedia Server version 7.0.11-8.5 suffers from a directory traversal vulnerability.
• https://www.exploit-db.com/exploits/44350
• http://packetstormsecurity.com/files/146938/TwonkyMedia-Server-7.0.11-8.5-Directory-Traversal.html
• https://github.com/mechanico/sharingIsCaring/blob/master/twonky.py
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')