header-logo
Suggest Exploit
vendor:
yappa-ng
by:
SecurityFocus
4.3
CVSS
MEDIUM
Cross-Site Scripting
79
CWE
Product Name: yappa-ng
Affected Version From: 2.3.2001
Affected Version To: 2.3.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:yappa-ng:yappa-ng
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

yappa-ng Cross-Site Scripting Vulnerability

yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks. The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software. Examples of vulnerable URLs include http://www.example.com/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS], http://www.example.com/src/index_footer-copyright.inc.php?config[release]=[XSS], and http://www.example.com/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS].

Mitigation:

Upgrade to version 2.3.2 or later.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13372/info

yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks.

The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software. 

http://www.example.com/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS]
http://www.example.com/src/index_footer-copyright.inc.php?config[release]=[XSS]
http://www.example.com/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS]

Navigation

Suggest Exploit

Services By CQR