YaPiG version 0.95b suffers from a cross site scripting flaw in thanks_comment.php.
a982a9b5ba5887ea81861b13af1b6c9cc66c2bd6a188b82d880f450e5ed84e25/*
Kuon <Armorize Security Team>
Kuon-[at]-Armorize.com
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
Contact : Kuon-[at]-Armorize.com
Link : www.Armorize.com
*/
Armorize Technologies Security Advisory
Advisory No: 20061001
Date: 2006/08/25
Affected Software:
yapig 0.95b
Vulnerability Description:
Cross-Site Scripting Vulnerability
Detection/Exploit:
http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]
Disclosure Timeline:
2006/08/17
Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure™, Armorize’s premier source code analysis tool is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed