Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions prior to 0.8, allow remote malicious users to inject arbitrary web script or HTML via (1) HTML tags that follow a "" string, which bypasses a regular expression check, and (2) other unspecified attack vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
michael salzer guestbox 0.6 |