Vulners
Lucene search
vlBookXSS.txt
`vlBook 1.02 Advisory
====================
Date:
-----
2005 June 23
Product:
--------
vlBook 1.02 © 2005
Vendor:
-------
http://vlab.info/
Descriptions:
-------------
The vlbook is a free, open source and light-weight guestbook written in PHP using flat files to store messages
and settings. It comes with install script for quick and effortless installation. Features include a WYSIWYG Editor,
template based skins, multilingual support, avatars packs and more.
Exploit(s)/Vulnerability(ies):
------------------------------
- XSS Vulnerability -
This product is vulnerable to an XSS Attack. The variable message is not properly sanitised before being used; so a malicious
people can inject arbitrary XSS code.
PoC 0f XSS:
-----------
If an attacker put in the field "Message*:" this code:
<script>alert("XSS ATTACK")</script>
Further information:
--------------------
googledorks: Powered by vlBook 1.02 © 2005
Vendor Status:
--------------
Informed but I've not received the reply.
Credits:
--------
Omnipresent
[email protected]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Jun 2006 00:00Current
7.4High risk
Vulners AI Score7.4