4.3
CVSSv2

CVE-2011-5026

Published: 29/12/2011 Updated: 29/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook prior to 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.

Affected Products

Vendor Product Versions
WinnWinn Guestbook2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8b, 2.4.8c

Exploits

# Exploit Title: Winn Guestbook v248c Stored XSS # Date: 12/29/11 # Author: G13 # Software Link: codegooglecom/p/winn-guestbook/, wwwwinnws # Version: 248c # Category: webapps (php) # CVE: 2011-5026 ##### Vulnerability ##### There is no sanitation on the input of the name variable This allows malicious scripts to be added ...