Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php. NOTE: The index.php/entry vector might be resultant from CVE-2005-1548.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/1230.html | Exploit |
http://www.morx.org/guestbook.txt | Exploit |
http://www.osvdb.org/22188 | Exploit |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:22:45
Updated: 2022-10-03T16:22:45
Reserved: 2022-10-03T00:00:00
Link: CVE-2005-4649
JSON object: View
NVD Information
Status : Analyzed
Published: 2005-12-31T05:00:00.000
Modified: 2008-09-05T20:57:26.547
Link: CVE-2005-4649
JSON object: View
Redhat Information
No data.
CWE