4 matches found
EUVD-2006-0865
Malware in sbrugna...
Design/Logic Flaw
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via 1 HTML tags that follow a "http://" string, which bypasses a regular expression check, and 2 other unspecified attack...
CVE-2006-0860
CVE-2006-0860 affects Michael Salzer Guestbox 0.6 and other versions before 0.8, where multiple XSS vulnerabilities exist. The underlying issue is that HTML tags following a "http://" string bypass a regex check, enabling remote injection of script/HTML; other attack vectors are also noted. No pu...