Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.
References
Link | Resource |
---|---|
http://secunia.com/advisories/15600/ | Vendor Advisory |
http://securitytracker.com/id?1014103 | Exploit Vendor Advisory |
http://secwatch.org/advisories/secwatch/20050530_yapig.txt | Exploit Vendor Advisory |
http://www.osvdb.org/17118 | |
http://www.securityfocus.com/bid/13875 | Exploit |
http://www.securityfocus.com/bid/13876 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:43
Updated: 2022-10-03T16:22:43
Reserved: 2022-10-03T00:00:00
Link: CVE-2005-1886
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-06-09T04:00:00.000
Modified: 2008-09-05T20:50:20.650
Link: CVE-2005-1886
JSON object: View
Redhat Information
No data.
CWE