CVE-2005-1886

Properties

Published:
08.06.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:N/I:C/A:N/B:N) Approximated
    Product:
    YaPiG: YaPiG
    YaPiG: YaPiG
    YaPiG: YaPiG

    Vulnerability description

    Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.

    References:

    MISC: http://secwatch.org/advisories/secwatch/20050530_yapig.txt
    BID: http://www.securityfocus.com/bid/13875
    BID: http://www.securityfocus.com/bid/13876
    OSVDB: http://www.osvdb.org/17118
    SECUNIA: http://secunia.com/advisories/15600/
    SECTRACK: http://securitytracker.com/id?1014103