Vulnerabilities > CVE-2005-2736 - Unspecified vulnerability in Yapig

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
yapig
nessus

Summary

Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.

Vulnerable Configurations

Part Description Count
Application
Yapig
5

Nessus

NASL familyCGI abuses
NASL idYAPIG_EXIF_XSS.NASL
descriptionThe remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks.
last seen2020-06-01
modified2020-06-02
plugin id19515
published2005-08-27
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/19515
titleYaPiG <= 0.9.5b Multiple Vulnerabilities