https://www.exploit-db.com/exploits/25533

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/13372/info

yappa-ng is prone to an unspecified cross-site scripting vulnerability. This issue may allow for theft of cookie-based authentication credentials or other attacks.

The vendor has not published any specific details about this vulnerability other than stating that it is addressed in the 2.3.2 security release of the software. 

http://www.example.com/admin_modules/admin_module_info.inc.php?lang_akt[admin_ainfo_hmain]=[XSS]
http://www.example.com/src/index_footer-copyright.inc.php?config[release]=[XSS]
http://www.example.com/src/index_thumbs.inc.php?page[thumb_table_width]=[XSS]