CVE-2010-5303
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.
View on NVDSeverity
N/A
EPSS
Probability of exploitation (next 30 days): 0.0022 (0.2%)
Percentile: 45.1%
EPSS: 2026-05-06
Affects
binarymoon:timthumbTechnical description
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.
Published: 8/21/2014, 11:55:02 PM
Last modified: 5/6/2026, 10:30:45 PM