Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Yapig | Yapig | 0.92b (including) | 0.92b (including) |
| Yapig | Yapig | 0.93u (including) | 0.93u (including) |
| Yapig | Yapig | 0.94u (including) | 0.94u (including) |
| Yapig | Yapig | 0.95 (including) | 0.95 (including) |
| Yapig | Yapig | 0.95b (including) | 0.95b (including) |