gastbuch versions 1.3.2 and below are susceptible to cross site scripting.
10800f5d68d19645c993ed7441ba1f86c4a93f2b7c2442a311397c86bf4e10c7-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------
SySS-Advisory: XSS-vulnerability in guestbook-php-script
- -------------------------------------------------------------------
Problem discovered: February 3d 2006
Vendor contacted: February 7th 2006
Advisory published: February 13th 2006
AUTHOR: Micha Borrmann (borrmann@syss.de)
SySS GmbH
D-72070 Tuebingen / Germany
APPLICATION: gastbuch
AFFECTED VERSION: all < 1.3.3 (1.3.2 tested)
Remotely exploitable: Yes
SEVERITY: Medium
DESCRIPTION:
The guestbook software published on https://www.php4scripte.de/gast.php
allows HTML- and javascriptcode to be injected in the "URL"-field.
EXAMPLE:
https://www.site.com/"<script>alert(123)</script>"
VENDOR STATUS: The vendor published a fixed version (1.3.3) on
https://www.php4scripte.de
less than five hours after the problem was reported.
-----BEGIN PGP SIGNATURE-----
iD8DBQFD8LQv5r2byszldyARAl9IAJ9n+jrUZnCExYy2B+Gc3nbDZ7h6EQCfYi4q
sPY/y7iexfBvUzOoq69DnuQ=
=XMsJ
-----END PGP SIGNATURE-----
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed