EV0077.txt

🗓️ 26 Feb 2006 00:00:00Reported by Aliaksandr HartsuyeuType

packetstorm🔗 packetstormsecurity.com👁 26 Views

New eVuln Advisory: Guestex XSS Vulnerability, EV0077, CVE-2006-0776, Guestext, Cross-Site Scripting, Remote, Unpatched. No reply from developer(s)

Reporter	Title	Published	Views	Family All 6
CVE	CVE-2006-0776	19 Feb 200600:00	–	cve
Cvelist	CVE-2006-0776	19 Feb 200600:00	–	cvelist
EUVD	EUVD-2006-0782	7 Oct 202500:30	–	euvd
NVD	CVE-2006-0776	19 Feb 200600:02	–	nvd
Prion	Cross site scripting	19 Feb 200600:02	–	prion
securityvulns	[eVuln] Guestex XSS Vulnerability	25 Feb 200600:00	–	securityvulns

`New eVuln Advisory:  
Guestex XSS Vulnerability  
http://evuln.com/vulns/77/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0077  
CVE: CVE-2006-0776  
Software: Guestext  
Sowtware's Web Site: http://www.teca-scripts.com/  
Versions: 1.0  
Critical Level: Harmless  
Type: Cross-Site Scripting  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable Script: guestex.pl  
  
Variable $form{'url'} isn't properly sanitized. This can be used to post arbitrary javascript code.  
  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/77/exploit.html  
  
When adding new record:  
  
URL: javascript:alert(123)  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
  
`

26 Feb 2006 00:00Current

6.7Medium risk

Vulners AI Score6.7

EPSS0.00804