CVE-2006-3063 Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook 1.x through 2.0.0-r1 and before 2.0.1 RC5 allow remote attackers to inject arbitrary web script or HTML via the (1) comment (2) email (3) homepage (4) id (5) name and (6) text parameters in (a) index.php the (7) comment (8) email (9) homepage (10) number (11) name and (12) text parameters in (b) admin/guestbook.php and the (13) email (14) homepage (15) icq (16) name and (17) text parameters in (c) admin/edit.php.
Reference
http://secunia.com/advisories/20764 http://www.networkarea.ch/forum/topic.php?id=4&s=9106beea248ecd1a552439168ada227e http://www.securityfocus.com/bid/18582 http://www.vupen.com/english/advisories/2006/2480 https://exchange.xforce.ibmcloud.com/vulnerabilities/27293
Share on: