Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

From: Kuon_at_Armorize_dot_com () no this.domain
Date: 25 Aug 2006 10:47:33 -0000
/*  
    Kuon <Armorize Security Team>

    Kuon-[at]-Armorize.com

    YaPiG thanks_comment.php Cross-Site Scripting Vulnerability

    Contact : Kuon-[at]-Armorize.com

    Link : www.Armorize.com
*/

Armorize Technologies Security Advisory

Advisory No: 20061001
Date: 2006/08/25

Affected Software: 
yapig 0.95b

Vulnerability Description: 
Cross-Site Scripting Vulnerability

Detection/Exploit:
http://www.example.com/[PATH]/template/default/thanks_comment.php?D_REFRESH_URL=[XSS]

Disclosure Timeline:
2006/08/17

Armorize Technologies provides next-generation source code analysis tools to help developers identify and remediate 
vulnerabilities in their web application source. CodeSecure™, Armorize’s premier source code analysis tool is available 
for analysis of PHP, JSP and ASP. Find out more at www.armorize.com .
Previous By Date Next
Previous By Thread Next

Current thread: