CVE-2005-2736

Published: Aug 30, 2005Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.

Affected (5)

Products: Yapig: Yapig

Yapig

1 product

Yapig

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Yapig Yapig	Version 0.92b
Yapig Yapig	Version 0.93u
Yapig Yapig	Version 0.94u
Yapig Yapig	Version 0.95
Yapig Yapig	Version 0.95b

References (12)

http://cedri.cc/advisories/EXIF_XSS.txt

Source: cve@mitre.org

Vendor Advisory

http://marc.info/?l=bugtraq&m=112511025414488&w=2

Source: cve@mitre.org

http://secunia.com/advisories/16596/

Source: cve@mitre.org

http://securitytracker.com/id?1014802

Source: cve@mitre.org

http://www.securityfocus.com/bid/14670

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/22020

Source: cve@mitre.org

http://cedri.cc/advisories/EXIF_XSS.txt