Vulnerabilities > CVE-2007-0141 - HTML Injection vulnerability in YET Another Link Directory YET Another Link Directory 1.0

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

yet-another-link-directory

NVD

Published: 2007-01-09

Updated: 2018-10-16

Summary

Cross-site scripting (XSS) vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Vulnerable Configurations

Part	Description	Count
Application	Yet_Another_Link_Directory YET Another Link Directory YET Another Link Directory 1.0	1

References

http://osvdb.org/31626
http://secunia.com/advisories/23646
http://securityreason.com/securityalert/2121
http://www.securityfocus.com/archive/1/456122/100/0/threaded
http://www.securityfocus.com/bid/21904
http://www.vupen.com/english/advisories/2007/0082
https://exchange.xforce.ibmcloud.com/vulnerabilities/31322