Published: 18/07/2006 Updated: 18/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Carbonize Lazarus Guestbook 1.6 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the show parameter in codes-english.php and (2) the img parameter in picture.php, after the name of an existing file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
carbonize lazarus guestbook

source: wwwsecurityfocuscom/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This may ...

source: wwwsecurityfocuscom/bid/18956/info Lazarus Guestbook is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site This m ...

NVD-CWE-Other http://www.securityfocus.com/bid/18956 http://securitytracker.com/id?1016486 http://secunia.com/advisories/21034 http://www.osvdb.org/27089 http://www.osvdb.org/27090 http://www.vupen.com/english/advisories/2006/2784 https://exchange.xforce.ibmcloud.com/vulnerabilities/27716 https://exchange.xforce.ibmcloud.com/vulnerabilities/27714 http://www.securityfocus.com/archive/1/439904/100/0/threaded https://nvd.nist.gov https://www.exploit-db.com/exploits/28211/

CVE-2006-3616

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect