CVE-2006-4421 - Cross-Site Scripting vulnerability in Yapig 0.95B

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, yapig, nessus, exploit available

Summary

Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.

Vulnerable Configurations

Part         Description  Count
Application  Yapig        1

Exploit-Db

description: Yapig 0.9x Thanks_comment.PHP Cross Site Scripting Vulnerability. CVE-2006-4421. Webapps exploit for php platform
id: EDB-ID:28428
last seen: 2016-02-03
modified: 2006-10-13
published: 2006-10-13
reporter: Kuon
source: https://www.exploit-db.com/download/28428/
title: Yapig 0.9x Thanks_comment.PHP Cross-Site Scripting Vulnerability

Nessus

NASL family: CGI abuses
NASL id: YAPIG_EXIF_XSS.NASL
description: The remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 19515
published: 2005-08-27
reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/19515
title: YaPiG <= 0.9.5b Multiple Vulnerabilities