YaPiG version 0.95b suffers from a cross site scripting flaw in thanks_comment.php.
a982a9b5ba5887ea81861b13af1b6c9cc66c2bd6a188b82d880f450e5ed84e25
/*
Kuon <Armorize Security Team>
Kuon-[at]-Armorize.com
YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
Contact : Kuon-[at]-Armorize.com
Link : www.Armorize.com
*/
Armorize Technologies Security Advisory
Advisory No: 20061001
Date: 2006/08/25
Affected Software:
yapig 0.95b
Vulnerability Description:
Cross-Site Scripting Vulnerability
Detection/Exploit:
http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]
Disclosure Timeline:
2006/08/17
Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure, Armorizes premier source code analysis tool is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .