Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x up to and including 2.0.0-r1 and prior to 2.0.1 RC5 allow remote malicious users to inject arbitrary web script or HTML via the (1) comment, (2) email, (3) homepage, (4) id, (5) name, and (6) text parameters in (a) index.php, the (7) comment, (8) email, (9) homepage, (10) number, (11) name, and (12) text parameters in (b) admin/guestbook.php, and the (13) email, (14) homepage, (15) icq, (16) name, and (17) text parameters in (c) admin/edit.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
myphp guestbook myphp guestbook 1.8 |
||
myphp guestbook myphp guestbook 1.8.3 |
||
myphp guestbook myphp guestbook 2.0.0_rc1 |
||
myphp guestbook myphp guestbook 2.0.0_rc2 |
||
myphp guestbook myphp guestbook 1.0 |
||
myphp guestbook myphp guestbook 2.0.0_alpha |
||
myphp guestbook myphp guestbook 2.0.0_beta |
||
myphp guestbook myphp guestbook 2.0.1_rc3 |
||
myphp guestbook myphp guestbook 2.0.1_rc4 |
||
myphp guestbook myphp guestbook 2.0.0 |
||
myphp guestbook myphp guestbook 2.0.0-r1 |
||
myphp guestbook myphp guestbook 2.0.1_rc1 |
||
myphp guestbook myphp guestbook 2.0.1_rc2 |
||
myphp guestbook myphp guestbook 1.9 |
||
myphp guestbook myphp guestbook 1.9.2 |
||
myphp guestbook myphp guestbook 2.0.0_rc3 |
||
myphp guestbook myphp guestbook 2.0.0_rc4 |
||
myphp guestbook myphp guestbook 2.0.1_beta |