Jax Guestbook Security Vulnerabilities and Issues — Jax Guestbook CVE List

Lucene search

Jax ScriptsJax Guestbook

3 matches found

CVE•added 2009/12/29 8:41 p.m.•54 views

CVE-2009-4447

Jax Guestbook 3.5.0 allows remote attackers to bypass authentication and modify administrator settings via a direct request to admin/guestbook.admin.php.

7.5CVSS6.9AI score0.02526EPSS

CVE•added 2009/03/31 5:30 p.m.•34 views

CVE-2005-4879

Multiple cross-site scripting (XSS) vulnerabilities in jax_guestbook.php in Jax Guestbook 3.1 and 3.31 allow remote attackers to inject arbitrary web script or HTML via the (1) gmt_ofs and (2) language parameters. NOTE: the page parameter is already covered by CVE-2006-1913. NOTE: it was later repo...

4.3CVSS5.8AI score0.01234EPSS

CVE•added 2009/03/31 5:30 p.m.•33 views

CVE-2005-4880

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

5CVSS6.5AI score0.02188EPSS