3 matches found
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13948
The CVE-2019-13948 issue affects SyGuestBook A5 Version 1.2, where a stored XSS vulnerability arises from isValidData not properly filtering XSS payloads in include/functions.php. TheExploit vector demonstrated uses an onerror attribute in an IMG tag to inject script, enabling script execution in...