Vulnerabilities > CVE-2005-1886 - Cross-Site Scripting vulnerability in Yapig 0.92B/0.93U/0.94U

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
yapig
nessus
exploit available
NVD
Published: 2005-06-09
Updated: 2008-09-05

Summary

Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.

Vulnerable Configurations

Part Description Count
Application
Yapig
3

Exploit-Db

descriptionYaPiG 0.9x View.PHP Cross-Site Scripting Vulnerability. CVE-2005-1886. Webapps exploit for php platform
idEDB-ID:25793
last seen2016-02-03
modified2005-06-06
published2005-06-06
reporteranonymous
sourcehttps://www.exploit-db.com/download/25793/
titleYaPiG 0.9x View.PHP Cross-Site Scripting Vulnerability

Nessus

NASL familyCGI abuses
NASL idYAPIG_MULTIPLE_FLAWS.NASL
descriptionThe remote host is running YaPiG, a web-based image gallery written in PHP. The installed version of YaPiG is vulnerable to multiple flaws : - Remote and local file inclusion. - Cross-site scripting and HTML injection flaws through
last seen2020-06-01
modified2020-06-02
plugin id18523
published2005-06-17
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18523
titleYaPiG < 0.95b Multiple Vulnerabilities

References