Published: 04/10/2002 Updated: 10/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Scripts For Educators MakeBook 2.2 CGI program allows remote malicious users to execute script as other visitors, or execute server-side includes (SSI) as the web server, via the (1) Name or (2) Email parameters, which are not properly filtered.

Vulnerable Product	Search on Vulmon	Subscribe to Product
scripts for educators makebook 2.2

source: wwwsecurityfocuscom/bid/4996/info The MakeBook guestbook software does not sufficiently sanitize potentially dangerous characters from form field input This may enable attackers to inject arbitrary HTML into form fields, which will be stored on guestbook pages Additionally, it has been demonstrated that SSI (Server-Side Includes ...

NVD-CWE-Other http://www.iss.net/security_center/static/9356.php http://www.tesol.net/scriptmail.html http://www.linguistic-funland.com/scripts/MakeBook/makebook.script http://www.securityfocus.com/bid/4996 http://cert.uni-stuttgart.de/archive/bugtraq/2002/06/msg00135.html http://archives.neohapsis.com/archives/bugtraq/2002-06/0094.html https://nvd.nist.gov https://www.exploit-db.com/exploits/21535/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2002-0948

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect