header-logo
Suggest Exploit
vendor:
Yapig
by:
Unknown
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: Yapig
Affected Version From: 0.95b
Affected Version To: 0.95b
Patch Exists: NO
Related CWE: Not provided
CPE: a:yapig_project:yapig:0.95b
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

Cross-Site Scripting Vulnerability in Yapig

Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Mitigation:

Proper input validation and sanitization of user-supplied data should be implemented to prevent cross-site scripting vulnerabilities. Additionally, web application firewalls can be used to detect and block malicious script code.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/15092/info

Yapig is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

YaPig versions 0.95b and earlier are affected. 

http://www.example.com/path-to-yapig/view.php?gid=1&phid=1&img_size=><script>alert('hi')</script>

Navigation

Suggest Exploit

Services By CQR