Yappa-NG 1.x/2.x Unspecified Cross-Site Scripting Vulnerability

2005-04-24T00:00:00
ID EDB-ID:25533
Type exploitdb
Reporter James Bercegay
Modified 2005-04-24T00:00:00

Description

Yappa-NG 1.x/2.x Unspecified Cross-Site Scripting Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/13372/info

yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks.

The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software. 

http://www.example.com/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS]
http://www.example.com/src/index_footer-copyright.inc.php?config[release]=[XSS]
http://www.example.com/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS]