Vulnerabilities > CVE-2005-1311 - Cross-Site Scripting vulnerability in Yappa-NG
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Vulnerable Configurations
Nessus
| NASL family | CGI abuses |
| NASL id | YAPPA_NG_2_3_2.NASL |
| description | The version of yappa-ng installed on the remote host is prone to multiple file include and cross-site scripting vulnerabilities due to its failure to sanitize user-supplied script input when calling various include scripts directly. By exploiting the file include vulnerabilities, an attacker can read arbitrary files on the remote host and possibly even run arbitrary code, subject to the privileges of the web server process. And by exploiting the cross-site scripting vulnerabilities, he can cause arbitrary script and HTML code to be run in a user |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 18150 |
| published | 2005-04-27 |
| reporter | This script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/18150 |
| title | yappa-ng < 2.3.2 Multiple Vulnerabilities |