6 matches found
EUVD-2019-5216
Malware in sbrugna...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13949
SyGuestBook A5 Version 1.2 has no CSRF protection mechanism, as demonstrated by CSRF for an index.php?c=Administrator&a=update admin password change...
CVE-2019-13949
The CVE-2019-13949 entry documents a CSRF vulnerability in SyGuestBook A5 Version 1.2 where there is no CSRF protection. The underlying issue allows an attacker to trigger a request to index.php?c=Administrator&a=update (admin password change) without authentication, enabling unauthorized admin p...
CVE-2019-13948
SyGuestBook A5 Version 1.2 allows stored XSS because the isValidData function in include/functions.php does not properly block XSS payloads, as demonstrated by a crafted use of the onerror attribute of an IMG element...
CVE-2019-13948
The CVE-2019-13948 issue affects SyGuestBook A5 Version 1.2, where a stored XSS vulnerability arises from isValidData not properly filtering XSS payloads in include/functions.php. The exploit vector demonstrated uses an onerror attribute in an IMG tag to inject script, enabling script execution in...