PT-2005-2843 · Yapig · Yapig

Published

2005-06-07

Updated

2008-09-05

CVE-2005-1886

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions YaPiG versions 0.92b through 0.94u

Description The issue is related to a cross-site scripting (XSS) problem. It allows remote attackers to inject arbitrary web script or HTML via the phid parameter or unknown parameters when posting a new comment.

Recommendations For YaPiG versions 0.92b through 0.94u, consider restricting access to the view.php file until a patch is available. As a temporary workaround, avoid using the phid parameter when posting new comments.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1886

Affected Products

Yapig

PT-2005-2843 · Yapig · Yapig

CVE-2005-1886

Related Identifiers

Affected Products

References · 8