YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

2006.08.29
Credit: Kuon
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

/* Kuon <Armorize Security Team> Kuon-[at]-Armorize.com YaPiG thanks_comment.php Cross-Site Scripting Vulnerability Contact : Kuon-[at]-Armorize.com Link : www.Armorize.com */ Armorize Technologies Security Advisory Advisory No: 20061001 Date: 2006/08/25 Affected Software: yapig 0.95b Vulnerability Description: Cross-Site Scripting Vulnerability Detection/Exploit: http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFR ESH_URL=[XSS] Disclosure Timeline: 2006/08/17 Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure?, Armorize?s premier source code analysis tool is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top