Cross site scripting

2019-07-1816:15:00

PRIOn knowledge base

www.prio-n.com

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.0%

JSON

SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element.

CPENameOperatorVersion
syguestbook_a5eq1.2

CPE	Name	Operator	Version
	syguestbook_a5	eq	1.2

References

fragrant10.github.io/2019/02/22/SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.html

github.com/fragrant10/fragrant10.github.io/blob/master/_posts/2019-02-22-SyGuestBookA5%E4%BB%A3%E7%A0%81%E5%AE%A1%E8%AE%A1.md