Vulnerability Description
Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yapig | Yapig | 0.92b |
References
- http://secunia.com/advisories/15600/Vendor Advisory
- http://securitytracker.com/id?1014103ExploitVendor Advisory
- http://secwatch.org/advisories/secwatch/20050530_yapig.txtExploitVendor Advisory
- http://www.osvdb.org/17118
- http://www.securityfocus.com/bid/13875Exploit
- http://www.securityfocus.com/bid/13876Exploit
- http://secunia.com/advisories/15600/Vendor Advisory
- http://securitytracker.com/id?1014103ExploitVendor Advisory
- http://secwatch.org/advisories/secwatch/20050530_yapig.txtExploitVendor Advisory
- http://www.osvdb.org/17118
- http://www.securityfocus.com/bid/13875Exploit
- http://www.securityfocus.com/bid/13876Exploit
FAQ
What is CVE-2005-1886?
CVE-2005-1886 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters...
How severe is CVE-2005-1886?
CVE-2005-1886 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-1886?
Check the references section above for vendor advisories and patch information. Affected products include: Yapig Yapig.