Vulnerabilities > CVE-2005-1311 - Cross-Site Scripting vulnerability in Yappa-NG

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
yappa-ng
nessus

Summary

Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

Nessus

NASL familyCGI abuses
NASL idYAPPA_NG_2_3_2.NASL
descriptionThe version of yappa-ng installed on the remote host is prone to multiple file include and cross-site scripting vulnerabilities due to its failure to sanitize user-supplied script input when calling various include scripts directly. By exploiting the file include vulnerabilities, an attacker can read arbitrary files on the remote host and possibly even run arbitrary code, subject to the privileges of the web server process. And by exploiting the cross-site scripting vulnerabilities, he can cause arbitrary script and HTML code to be run in a user
last seen2020-06-01
modified2020-06-02
plugin id18150
published2005-04-27
reporterThis script is Copyright (C) 2005-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/18150
titleyappa-ng < 2.3.2 Multiple Vulnerabilities