XGB Guestbook 1.2 User-Embedded Scripting Vulnerability

2002-04-15T00:00:00
ID EDB-ID:21381
Type exploitdb
Reporter Firehack
Modified 2002-04-15T00:00:00

Description

XGB Guestbook 1.2 User-Embedded Scripting Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/4513/info

xGB is guestbook software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems.

xGB allows users to post images in guestbook entries by using special syntax to denote a link to an image. However, script code is not filtered from the image tags ([img][/img]) used by the guestbook. An attacker may cause script code to be executed by arbitrary web users who view the guestbook entries. 

[img]javascript:alert('This Guestbook allows Cross Site
Scripting');[/img]