23 matches found
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13948
The CVE-2019-13948 issue affects SyGuestBook A5 Version 1.2, where a stored XSS vulnerability arises from isValidData not properly filtering XSS payloads in include/functions.php. TheExploit vector demonstrated uses an onerror attribute in an IMG tag to inject script, enabling script execution in...
Cross-Site Scripting Vulnerability in SyGuestBook
SyGuestBook is a multifunctional message board system that continues to be developed with php+MySQL. SyGuestBook version 1.1 suffers from a cross-site scripting vulnerability, which is caused by the program's failure to effectively filter user-submitted data. An attacker can exploit the...