YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

Subject: YaPiG thanks_comment.php Cross-Site Scripting Vulnerability
Date: 25 Aug 2006 10:47:33 -0000
From: suppressed

/*  
    Kuon <Armorize Security Team>

    Kuon-[at]-Armorize.com

    YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

    Contact : Kuon-[at]-Armorize.com

    Link : www.Armorize.com
*/

Armorize Technologies Security Advisory

Advisory No: 20061001
Date: 2006/08/25

Affected Software: 
yapig 0.95b

Vulnerability Description: 
Cross-Site Scripting Vulnerability

Detection/Exploit:
http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]

Disclosure Timeline:
2006/08/17

Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate vulnerabilities in their web application source. CodeSecure?, Armorize?s premier source code analysis tool is available for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .

Prev by Date: Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities
Next by Date: Re: Symantec Gateway Security DNS exploit
Previous by thread: Indiana University Security Advisory: Fuji Xerox Printing Systems (FXPS) print engine vulnerabilities
Next by thread: [ MDKSA-2006:150 ] - Updated kernel packages fix multiple vulnerabilities
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.