ByteOS Network

Vulnerability Details :

CVE-2005-4799

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-15 May, 2006 | 16:00

Updated At-08 Aug, 2024 | 00:01

Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php. NOTE: due to lack of details from the researcher, it is not clear whether the comment vector overlaps CVE-2005-1886.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:15 May, 2006 | 16:00

Updated At:08 Aug, 2024 | 00:01

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securityfocus.com/bid/15095	vdb-entry x_refsource_BID
https://exchange.xforce.ibmcloud.com/vulnerabilities/22750	vdb-entry x_refsource_XF
http://www.securityfocus.com/bid/15092	vdb-entry x_refsource_BID
http://www.osvdb.org/19958	vdb-entry x_refsource_OSVDB
http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html	mailing-list x_refsource_BUGTRAQ
http://www.osvdb.org/19959	vdb-entry x_refsource_OSVDB
https://exchange.xforce.ibmcloud.com/vulnerabilities/22752	vdb-entry x_refsource_XF
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt	x_refsource_MISC
http://secunia.com/advisories/17041	third-party-advisory x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/15095

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22750

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.securityfocus.com/bid/15092

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.osvdb.org/19958

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://www.osvdb.org/19959

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22752

Resource:

vdb-entry

x_refsource_XF

Hyperlink: http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Resource:

x_refsource_MISC

Hyperlink: http://secunia.com/advisories/17041

Resource:

third-party-advisory

x_refsource_SECUNIA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securityfocus.com/bid/15095	vdb-entry x_refsource_BID x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/22750	vdb-entry x_refsource_XF x_transferred
http://www.securityfocus.com/bid/15092	vdb-entry x_refsource_BID x_transferred
http://www.osvdb.org/19958	vdb-entry x_refsource_OSVDB x_transferred
http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html	mailing-list x_refsource_BUGTRAQ x_transferred
http://www.osvdb.org/19959	vdb-entry x_refsource_OSVDB x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/22752	vdb-entry x_refsource_XF x_transferred
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt	x_refsource_MISC x_transferred
http://secunia.com/advisories/17041	third-party-advisory x_refsource_SECUNIA x_transferred

Hyperlink: http://www.securityfocus.com/bid/15095

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22750

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.securityfocus.com/bid/15092

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.osvdb.org/19958

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://www.osvdb.org/19959

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22752

Resource:

vdb-entry

x_refsource_XF

x_transferred

Hyperlink: http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://secunia.com/advisories/17041

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:31 Dec, 2005 | 05:00

Updated At:03 Apr, 2025 | 01:03

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.1	MEDIUM	AV:N/AC:H/Au:N/C:P/I:P/A:P

Type: Primary

Version: 2.0

Base score: 5.1

Base severity: MEDIUM

Vector:

AV:N/AC:H/Au:N/C:P/I:P/A:P

CPE Matches

yapig>>yapig>>Versions up to 0.95b(inclusive)

cpe:2.3:a:yapig:yapig:*:*:*:*:*:*:*:*

yapig>>yapig>>0.92b

cpe:2.3:a:yapig:yapig:0.92b:*:*:*:*:*:*:*

yapig>>yapig>>0.93u

cpe:2.3:a:yapig:yapig:0.93u:*:*:*:*:*:*:*

yapig>>yapig>>0.94u

cpe:2.3:a:yapig:yapig:0.94u:*:*:*:*:*:*:*

yapig>>yapig>>0.95

cpe:2.3:a:yapig:yapig:0.95:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

Evaluator Solution

Successful exploitation requires that "register_globals" is enabled.

References

Hyperlink	Source	Resource
http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html	cve@mitre.org	Exploit Vendor Advisory
http://secunia.com/advisories/17041	cve@mitre.org	Exploit Vendor Advisory
http://www.osvdb.org/19958	cve@mitre.org	N/A
http://www.osvdb.org/19959	cve@mitre.org	N/A
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt	cve@mitre.org	Exploit Vendor Advisory
http://www.securityfocus.com/bid/15092	cve@mitre.org	Exploit
http://www.securityfocus.com/bid/15095	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/22750	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/22752	cve@mitre.org	N/A
http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html	af854a3a-2127-422b-91ae-364da2661108	Exploit Vendor Advisory
http://secunia.com/advisories/17041	af854a3a-2127-422b-91ae-364da2661108	Exploit Vendor Advisory
http://www.osvdb.org/19958	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/19959	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt	af854a3a-2127-422b-91ae-364da2661108	Exploit Vendor Advisory
http://www.securityfocus.com/bid/15092	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.securityfocus.com/bid/15095	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/22750	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/22752	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html

Source: cve@mitre.org

Resource:

Exploit

Vendor Advisory

Hyperlink: http://secunia.com/advisories/17041

Source: cve@mitre.org

Resource:

Exploit

Vendor Advisory

Hyperlink: http://www.osvdb.org/19958

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.osvdb.org/19959

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.seclab.tuwien.ac.at/advisories/TUVSA-0510-001.txt

Source: cve@mitre.org

Resource:

Exploit

Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/15092

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.securityfocus.com/bid/15095

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22750

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/22752

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://archives.neohapsis.com/archives/bugtraq/2005-10/0161.html