Vulnerabilities > CVE-2005-1886 - Cross-Site Scripting vulnerability in Yapig 0.92B/0.93U/0.94U
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 3 |
Exploit-Db
description | YaPiG 0.9x View.PHP Cross-Site Scripting Vulnerability. CVE-2005-1886. Webapps exploit for php platform |
id | EDB-ID:25793 |
last seen | 2016-02-03 |
modified | 2005-06-06 |
published | 2005-06-06 |
reporter | anonymous |
source | https://www.exploit-db.com/download/25793/ |
title | YaPiG 0.9x View.PHP Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | YAPIG_MULTIPLE_FLAWS.NASL |
description | The remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws : - Remote and local file inclusion. - Cross-site scripting and HTML injection flaws through |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 18523 |
published | 2005-06-17 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/18523 |
title | YaPiG < 0.95b Multiple Vulnerabilities |