Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2002-2339

Published: 31/12/2002 Updated: 05/09/2008
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Subscribe to Script Shed

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote malicious users to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.

Vulnerable Product Search on Vulmon Subscribe to Product

script shed ssgbook 1.0

Exploits

Exploit DB: SSGBook 1.0 - Image Tag HTML Injection
source: wwwsecurityfocuscom/bid/5915/info SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries For example, a user can include an image by including it inside of [image] or [img] tags However, arbitrary HTML and script code are not sufficiently sanitized within these tags As a res ...

References

CWE-79http://online.securityfocus.com/archive/1/294299http://archives.neohapsis.com/archives/bugtraq/2003-10/0009.htmlhttp://www.securityfocus.com/bid/5915http://www.iss.net/security_center/static/10331.phphttps://nvd.nist.govhttps://www.exploit-db.com/exploits/21914/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook