4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.003 Low
EPSS
Percentile
69.2%
yappa-ng <http://www.zirkon.at/zirkon/scripts/yappa-ng/yappa-ng_main_eng.html> provided by yet another PHP photo album next generation (according to the original report submitted by the reporter) is a PHP photo gallery.
yappa-ng contains a cross-site scripting vulnerability (CWE-79) which allows unintentional script execution on the userβs web browser.
An arbitrary script may be executed on the web browser of the user who is accessing a website that uses yappa-ng.
Consider stop using yappa-ng 2.3.2
Since the developer was unreachable, existence of any mitigations is unknown.