`-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------
SySS-Advisory: XSS-vulnerability in guestbook-php-script
- -------------------------------------------------------------------
Problem discovered: February 3rd 2006
Vendor contacted: February 7th 2006
Advisory published: February 13th 2006
AUTHOR: Micha Borrmann ([email protected])
SySS GmbH
D-72070 Tuebingen / Germany
APPLICATION: gastbuch
AFFECTED VERSION: all < 1.3.3 (1.3.2 tested)
Remotely exploitable: Yes
SEVERITY: Medium
DESCRIPTION:
The guestbook software published on http://www.php4scripte.de/gast.php
allows HTML and JavaScript code to be injected into the "URL" field.
EXAMPLE:
http://www.site.com/"<script>alert(123)</script>"
VENDOR STATUS: The vendor published a fixed version (1.3.3) on
http://www.php4scripte.de
less than five hours after the problem was reported.
-----BEGIN PGP SIGNATURE-----
iD8DBQFD8LQv5r2byszldyARAl9IAJ9n+jrUZnCExYy2B+Gc3nbDZ7h6EQCfYi4q
sPY/y7iexfBvUzOoq69DnuQ=
=XMsJ
-----END PGP SIGNATURE-----
`
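The class of flaw described in the advisory, shown as an added example that is not the gastbuch source and not the vendor's 1.3.3 fix. It assumes the "URL" field is rendered as a link in the guestbook entry; all function names are hypothetical, and the sample input is the value from the advisory's EXAMPLE line.

```php
<?php
// Added example; not the gastbuch source. Function names are hypothetical.

// Constructed sample input: the "URL" field value from the advisory's EXAMPLE.
$submitted = 'http://www.site.com/"<script>alert(123)</script>"';

// Vulnerable pattern (assumed): the field is concatenated into markup unescaped,
// so the double quote ends the href attribute and the script tag is parsed as HTML.
function render_entry_unsafe(string $name, string $url): string
{
    return '<a href="' . $url . '">' . $name . '</a>';
}

// Input check: accept only absolute http/https URLs that have a host and contain
// no quotes, angle brackets, whitespace or control characters.
function normalize_guest_url(string $url): ?string
{
    $url = trim($url);
    if ($url === '' || preg_match('/[\x00-\x20"\'<>\x7f]/', $url)) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return null;
    }
    $scheme = strtolower($parts['scheme'] ?? '');
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

// Output encoding: every stored value is HTML-escaped at render time,
// whether or not it passed validation earlier.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_entry_safe(string $name, ?string $url): string
{
    if ($url === null) {
        return h($name); // rejected URL: show the name without a link
    }
    return '<a href="' . h($url) . '" rel="nofollow noopener">' . h($name) . '</a>';
}

echo render_entry_unsafe('guest', $submitted), "\n";
echo render_entry_safe('guest', normalize_guest_url($submitted)), "\n";
echo render_entry_safe('guest', normalize_guest_url('http://www.site.com/page?a=1&b=2')), "\n";
```

The scheme allowlist also rejects `javascript:` and `data:` values, which HTML escaping alone does not neutralise inside an `href`.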