Jbook Cross Site Scripting

2006-04-11T00:00:00
ID SECURITYVULNS:DOC:12155
Type securityvulns
Reporter Securityvulns
Modified 2006-04-11T00:00:00

Description

Title : Jbook Cross Site Scripting Author: Mourad aka Psych0 Moroccan Security Team Vendor: www.jmuller.net Version: 1.3

Jbook Guestbook is a PHP/MySQL based guestbook script.

Vulnerability in index.php, this issue can allow an attacker to bypass content filters and potentially carry out xss attacks.

Example:

http://target/path/index.php?page=[xsscode]