Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormG13PACKETSTORM:108229
HistoryDec 29, 2011 - 12:00 a.m.

Winn Guestbook 2.4.8c Cross Site Scripting

2011-12-2900:00:00
G13
packetstormsecurity.com
21

0.003 Low

EPSS

Percentile

68.1%

JSON
`# Exploit Title: Winn Guestbook v2.4.8c Stored XSS  
# Date: 12/29/11  
# Author: G13  
# Software Link: http://code.google.com/p/winn-guestbook/,   
http://www.winn.ws  
# Version: 2.4.8c  
# Category: webapps (php)  
# CVE: 2011-5026  
  
##### Vulnerability #####  
  
There is no sanitation on the input of the name variable. This allows   
malicious scripts to be added. This is a stored XSS.  
  
##### Vendor Notification #####  
  
12/24/11 - Vendor Notified.  
12/27/11 - Vendor Acknowledged, Patch Issued.  
  
##### Resolution #####  
  
Upgrade to Version 2.4.8d  
  
##### Affected Variables #####  
  
name=[XSS]  
  
##### Exploit #####  
  
The script can be added right in the page, there is no filtering of   
input. This can easily be exploited if the email address used is added   
to the "approved posters" list.  
`

Related

prion 1
cve 1
securityvulns 1
prion
prion
Cross site scripting
2011-12-29 04:15:00
cve
cve
CVE-2011-5026
2011-12-29 04:15:00
securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2012-01-09 00:00:00

0.003 Low

EPSS

Percentile

68.1%

JSON
Related for PACKETSTORM:108229
prion1cve1securityvulns1