GuppY postguest Module XSS

2003-10-01T09:15:27
ID OSVDB:2625
Type osvdb
Reporter OSVDB
Modified 2003-10-01T09:15:27

Description

Vulnerability Description

GuppY contains a flaw that allows a remote cross-site scripting attack.
This flaw exists because the application does not validate user-supplied input upon submission to the postguest module. This could allow a user to send a specially crafted request that would execute arbitrary code on the server, leading to a loss of integrity.

Solution Description

Upgrade to version 2.4p2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.freeguppy.org/
Vendor Specific Solution URL: http://www.freeguppy.org/download.php?lng=en
Vendor Specific Advisory URL
Secunia Advisory ID: 9889
ISS X-Force ID: 13306
Bugtraq ID: 8768