{"id": "SECURITYVULNS:DOC:27537", "bulletinFamily": "software", "title": "Tinyguestbook XSS", "description": "# Exploit Title: Tinyguestbook XSS\r\n# Date: 01/03/12\r\n# Author: G13\r\n# Software Link: http://code.google.com/p/tinyguestbook/\r\n# Category: webapps (php)\r\n#\r\n\r\n##### Vulnerability #####\r\n\r\nThere is no sanitation on the input of the msg variable. This allows \r\nmalicious scripts to be added. This is a stored XSS\r\n\r\n##### Vendor Notification #####\r\n\r\n12/23/11 - Vendor Notified.\r\n12/27/11 - Vendor email.\r\n01/03/12 - No response, disclosure\r\n\r\n##### Affected Variables #####\r\n\r\nMsg=[XSS]\r\n\r\n##### Exploit #####\r\n\r\nThe script can be added right in the page, there is no filtering of \r\ninput.\r\n", "published": "2012-01-09T00:00:00", "modified": "2012-01-09T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27537", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:43", "edition": 1, "viewCount": 7, "enchantments": {"score": {"value": 1.8, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:12133"]}]}, "exploitation": null, "vulnersScore": 1.8}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}

{}