YaPiG 0.9x - 'Thanks_comment.php' Cross-Site Scripting

EDB-ID:

28428


Author:

Kuon

Type:

webapps


Platform:

PHP

Date:

2006-10-13


source: https://www.securityfocus.com/bid/19709/info

Yapig is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. This may let an attacker steal cookie-based authentication credentials and launch other attacks.

This issue affects version 0.95b; other versions may also be vulnerable.

http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]