JVN#55833077: yappa-ng vulnerable to cross-site scripting

2021-04-22 00:00:00
Japan Vulnerability Notes
jvn.jp

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS: 0.003 Low
Percentile: 69.2%

yappa-ng <http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html>, provided by yet another PHP photo album next generation (according to the original report submitted by the reporter), is a PHP photo gallery.
yappa-ng contains a cross-site scripting vulnerability (CWE-79) which allows unintentional script execution on the user’s web browser.

Impact

An arbitrary script may be executed on the web browser of the user who is accessing a website that uses yappa-ng.

Solution

Consider stopping use of yappa-ng 2.3.2.
Because the developer was unreachable, it is unknown whether any mitigations exist.
