2 matches found
CVE-2009-3328
Cross-site scripting XSS vulnerability in sign.php in WX-Guestbook 1.1.208 allows remote attackers to inject arbitrary web script or HTML via the sName parameter aka the name field. NOTE: some of these details are obtained from third party information...
CVE-2009-3328
WX-Guestbook 1.1.208 contains a cross-site scripting (XSS) flaw in sign.php, exploitable via the sName parameter (the name field). The vulnerability allows remote script or HTML injection. Root cause: insufficient input sanitization on sName leading to script execution in the browser context. Doc...