-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Advisory: TP-Book <= 1.00 Cross Site Scripting Vulnerabilities
Release Date: 2006/07/25
Last Modified: 2006/07/25
Author: Tamriel [tamriel at gmx dot net]
Application: TP-Book <= 1.00
Risk: Low
Vendor Status: not contacted
Vendor Site: tobias.kloy.googlepages.com
Overview:
Quote from tobias.kloy.googlepages.com:
"The guestbook has the following features:
- Customizable templates
- Many systems for excluding persistent spammers
- Admin control panel
- Simple installation via a wizard"
Details:
The script does not check the name submitted with a guestbook post.
Attackers can therefore perform cross-site scripting attacks.
Solution:
Take a look at PHP's htmlentities function.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (MingW32)
iD8DBQFExnoFqBhP+Twks7oRAvnvAJ93lO3W/o+PmtaTKitjw6qVxkXK0gCfR67W
af8OIcTNC9Ggkrwlk4QLyHo=
=sIc9
-----END PGP SIGNATURE-----
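How the fix suggested under "Solution" looks in code, as an added example that is not part of the advisory and not TP-Book's own code: the function names, the `$post` array and the HTML layout are hypothetical, and the sample post is constructed.

```php
<?php
// Added example: hypothetical guestbook rendering code, not taken from TP-Book.

// Encode a value for use in HTML text or inside a quoted attribute.
function escape_html(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid
    // byte sequences instead of making htmlentities() return an empty string.
    return htmlentities($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak form: the poster's name reaches the page exactly as submitted.
function render_entry_unchecked(array $post): string
{
    return '<div class="entry"><span class="name">' . $post['name'] . '</span>: '
         . escape_html($post['text']) . '</div>';
}

// Corrected form: every user-supplied field is encoded at output time.
function render_entry_escaped(array $post): string
{
    return '<div class="entry"><span class="name">' . escape_html($post['name']) . '</span>: '
         . escape_html($post['text']) . '</div>';
}

// Constructed sample post: the name carries markup and both quote characters.
$post = [
    'name' => '<b title="x">Guest</b> & \'friend\'',
    'text' => 'Nice site!',
];

echo render_entry_unchecked($post), "\n"; // markup in the name is interpreted by the browser
echo render_entry_escaped($post), "\n";   // markup in the name is shown as literal text
```

Encoding at output time, rather than only when the post is stored, also covers entries that were saved before the fix.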