3 matches found
CVE-2006-0859
CVE-2006-0859 affects Michael Salzer Guestbox 0.6 and earlier versions up to 0.7/0.8 pre-release? It describes a vulnerability where remote attackers can post an admin comment to a guestbook entry via a modified form, possibly related to the nummer parameter. The connected sources corroborate the...
CVE-2006-0861
The CVE-2006-0861 entry concerns Michael Salzer Guestbox 0.6 and earlier than 0.8, where a direct request to /gb/gblog can disclose the source IP addresses of guestbook entries. The NVD summary notes a network-accessible issue with low attack complexity and no authentication, yielding partial con...
CVE-2006-0860
CVE-2006-0860 affects Michael Salzer Guestbox 0.6 and other versions before 0.8, where multiple XSS vulnerabilities exist. The underlying issue is that HTML tags following a "http://" string bypass a regex check, enabling remote injection of script/HTML; other attack vectors are also noted. No pu...