ID: OSVDB:25732
Type: osvdb
Reporter: luny(luny@youfucktard.com)
Modified: 2006-05-22T05:34:17
Description
Vulnerability Description
DGBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "name", "homepage", "email", and "address" variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution Description
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
References:
Vendor URL: http://www.diangemilang.com/dgscripts.php
Secunia Advisory ID: 20201
Related OSVDB ID: 25733
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0477.html
FrSIRT Advisory: ADV-2006-1942
CVE-2006-2572
Bugtraq ID: 18310
Title: DGBook index.php Multiple Variable XSS
Affected software: DGBook 1.0
CVSS: 2.6 (AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:PARTIAL/A:NONE/)
Vulners score: 4.7
Published: 2006-05-22T05:34:17
Last seen: 2017-04-28T13:20:22
Source: https://vulners.com/osvdb/OSVDB:25732