Vulnerabilities > CVE-2006-4421 - Cross-Site Scripting vulnerability in Yapig 0.95B
Attack vector
NETWORK Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |
Exploit-Db
description | Yapig 0.9x Thanks_comment.PHP Cross Site Scripting Vulnerability. CVE-2006-4421. Webapps exploit for php platform |
id | EDB-ID:28428 |
last seen | 2016-02-03 |
modified | 2006-10-13 |
published | 2006-10-13 |
reporter | Kuon |
source | https://www.exploit-db.com/download/28428/ |
title | Yapig 0.9x Thanks_comment.PHP Cross-Site Scripting Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | YAPIG_EXIF_XSS.NASL |
description | The remote host is running YaPiG, a web-based image gallery written in PHP. According to its banner, the version of YaPiG installed on the remote host is prone to arbitrary PHP code injection and cross-site scripting attacks. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 19515 |
published | 2005-08-27 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/19515 |
title | YaPiG <= 0.9.5b Multiple Vulnerabilities |