Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2003-1348

Publish Date: 25 Jan 2003

                							

                source: http://www.securityfocus.com/bid/6686/info

Guestbook does not adequately filter HTML tags from various fields. This may enable an attacker to inject arbitrary script code into pages that are generated by the guestbook.

The attacker's script code may be executed in the web client of arbitrary users who view the pages generated by the guestbook, in the security context of the website running the software.

The following proof of concept was provided by inserting malicious HTML code into the Title, Name and Comment fields:

&lt;script&gt;alert('test')&lt;/script&gt;

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

FTLS Guestbook 1.1 - Script Injection

Vulmon Search

About

Products

Connect