CVE-2005-4799

Name of the Vulnerable Software and Affected Versions Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, which can lead to cross-site scripting (XSS) attacks. This can be achieved via two main vectors: (1) the Homepage field in an image-related comment and (2) the img size field in "view.php".

Recommendations For Yet Another PHP Image Gallery (YaPIG) versions 0.95b and earlier, consider disabling the comment feature and restricting access to the "view.php" file until a patch is available. Avoid using the img size field in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.